npm - jodit - Versions diffs - 4.10.2 → 4.11.2 - Mend

jodit 4.10.2 → 4.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/CHANGELOG.md +28 -0
package/es2015/jodit.css +1 -1
package/es2015/jodit.fat.min.js +121 -121
package/es2015/jodit.js +36183 -35886
package/es2015/jodit.min.js +121 -121
package/es2015/plugins/debug/debug.css +1 -1
package/es2015/plugins/debug/debug.js +1 -1
package/es2015/plugins/debug/debug.min.js +1 -1
package/es2015/plugins/speech-recognize/speech-recognize.css +1 -1
package/es2015/plugins/speech-recognize/speech-recognize.js +724 -724
package/es2015/plugins/speech-recognize/speech-recognize.min.js +2 -2
package/es2018/jodit.fat.min.js +121 -121
package/es2018/jodit.min.js +121 -121
package/es2018/plugins/debug/debug.min.js +1 -1
package/es2018/plugins/speech-recognize/speech-recognize.min.js +2 -2
package/es2021/jodit.css +1 -1
package/es2021/jodit.fat.min.js +135 -135
package/es2021/jodit.js +35482 -35186
package/es2021/jodit.min.js +135 -135
package/es2021/plugins/debug/debug.css +1 -1
package/es2021/plugins/debug/debug.js +1 -1
package/es2021/plugins/debug/debug.min.js +1 -1
package/es2021/plugins/speech-recognize/speech-recognize.css +1 -1
package/es2021/plugins/speech-recognize/speech-recognize.js +681 -681
package/es2021/plugins/speech-recognize/speech-recognize.min.js +2 -2
package/es2021.en/jodit.css +1 -1
package/es2021.en/jodit.fat.min.js +151 -151
package/es2021.en/jodit.js +34392 -34096
package/es2021.en/jodit.min.js +135 -135
package/es2021.en/plugins/debug/debug.css +1 -1
package/es2021.en/plugins/debug/debug.js +1 -1
package/es2021.en/plugins/debug/debug.min.js +1 -1
package/es2021.en/plugins/speech-recognize/speech-recognize.css +1 -1
package/es2021.en/plugins/speech-recognize/speech-recognize.js +306 -306
package/es2021.en/plugins/speech-recognize/speech-recognize.min.js +2 -2
package/es5/jodit.css +2 -2
package/es5/jodit.fat.min.js +2 -2
package/es5/jodit.js +44054 -43700
package/es5/jodit.min.css +2 -2
package/es5/jodit.min.js +2 -2
package/es5/plugins/debug/debug.css +1 -1
package/es5/plugins/debug/debug.js +1 -1
package/es5/plugins/debug/debug.min.js +1 -1
package/es5/plugins/speech-recognize/speech-recognize.css +1 -1
package/es5/plugins/speech-recognize/speech-recognize.js +839 -839
package/es5/plugins/speech-recognize/speech-recognize.min.js +2 -2
package/es5/polyfills.fat.min.js +2 -2
package/es5/polyfills.js +4211 -4211
package/es5/polyfills.min.js +2 -2
package/esm/config.d.ts +85 -0
package/esm/core/constants.js +1 -1
package/esm/core/dom/dom.d.ts +1 -0
package/esm/core/helpers/html/safe-html.d.ts +3 -2
package/esm/core/helpers/html/safe-html.js +42 -3
package/esm/plugins/clean-html/clean-html.js +4 -0
package/esm/plugins/clean-html/config.d.ts +85 -0
package/esm/plugins/clean-html/config.js +7 -1
package/esm/plugins/clean-html/helpers/visitor/filters/convert-unsafe-embeds.d.ts +14 -0
package/esm/plugins/clean-html/helpers/visitor/filters/convert-unsafe-embeds.js +37 -0
package/esm/plugins/clean-html/helpers/visitor/filters/index.d.ts +4 -0
package/esm/plugins/clean-html/helpers/visitor/filters/index.js +4 -0
package/esm/plugins/clean-html/helpers/visitor/filters/safe-links-target.d.ts +14 -0
package/esm/plugins/clean-html/helpers/visitor/filters/safe-links-target.js +38 -0
package/esm/plugins/clean-html/helpers/visitor/filters/sandbox-iframes-in-content.d.ts +14 -0
package/esm/plugins/clean-html/helpers/visitor/filters/sandbox-iframes-in-content.js +24 -0
package/esm/plugins/clean-html/helpers/visitor/filters/sanitize-attributes.js +10 -5
package/esm/plugins/clean-html/helpers/visitor/filters/sanitize-styles.d.ts +14 -0
package/esm/plugins/clean-html/helpers/visitor/filters/sanitize-styles.js +70 -0
package/esm/plugins/drag-and-drop/drag-and-drop.js +1 -1
package/esm/plugins/enter/helpers/insert-paragraph.js +2 -1
package/esm/plugins/file/file.js +3 -2
package/esm/plugins/iframe/iframe.js +8 -6
package/esm/plugins/image/image.js +3 -2
package/esm/plugins/image-properties/writers/link.js +6 -0
package/esm/plugins/link/link.js +15 -3
package/esm/plugins/resizer/resizer.js +2 -2
package/esm/plugins/source/editor/engines/area.js +3 -7
package/package.json +1 -1
package/types/config.d.ts +85 -0
package/types/core/dom/dom.d.ts +1 -0
package/types/core/helpers/html/safe-html.d.ts +3 -2
package/types/plugins/clean-html/config.d.ts +85 -0
package/types/plugins/clean-html/helpers/visitor/filters/convert-unsafe-embeds.d.ts +14 -0
package/types/plugins/clean-html/helpers/visitor/filters/index.d.ts +4 -0
package/types/plugins/clean-html/helpers/visitor/filters/safe-links-target.d.ts +14 -0
package/types/plugins/clean-html/helpers/visitor/filters/sandbox-iframes-in-content.d.ts +14 -0
package/types/plugins/clean-html/helpers/visitor/filters/sanitize-styles.d.ts +14 -0

package/types/plugins/clean-html/config.d.ts CHANGED Viewed

@@ -41,13 +41,98 @@ declare module 'jodit/config' {
              */
             useIframeSandbox: boolean;
             /**
+             * @deprecated Use `removeEventAttributes` instead
              * Remove onError attributes
              */
             removeOnError: boolean;
+            /**
+             * Remove all `on*` event handler attributes (onerror, onclick, onload, onmouseover, etc.)
+             * When enabled, this replaces the legacy `removeOnError` behavior with comprehensive protection.
+             *
+             * ```javascript
+             * Jodit.make('#editor', {
+             * 	 cleanHTML: {
+             * 	 	 removeEventAttributes: true
+             * 	 }
+             * });
+             * ```
+             */
+            removeEventAttributes: boolean;
             /**
              * Safe href="javascript:" links
              */
             safeJavaScriptLink: boolean;
+            /**
+             * Automatically add `rel="noopener noreferrer"` to links with `target="_blank"`
+             *
+             * ```javascript
+             * Jodit.make('#editor', {
+             * 	 cleanHTML: {
+             * 	 	 safeLinksTarget: true
+             * 	 }
+             * });
+             * ```
+             */
+            safeLinksTarget: boolean;
+            /**
+             * Whitelist of allowed CSS properties inside `style` attributes.
+             * If set, all CSS properties not in the list will be removed.
+             *
+             * ```javascript
+             * Jodit.make('#editor', {
+             *     cleanHTML: {
+             *         allowedStyles: {
+             *             '*': ['color', 'background-color', 'font-size', 'text-align'],
+             *             img: ['width', 'height']
+             *         }
+             *     }
+             * });
+             * ```
+             */
+            allowedStyles: false | IDictionary<string[]>;
+            /**
+             * Custom sanitizer function. Called after Jodit's built-in sanitization.
+             * Use this to integrate DOMPurify or other external sanitizers.
+             *
+             * ```javascript
+             * import DOMPurify from 'dompurify';
+             *
+             * Jodit.make('#editor', {
+             *     cleanHTML: {
+             *         sanitizer: (html) => DOMPurify.sanitize(html)
+             *     }
+             * });
+             * ```
+             */
+            sanitizer: false | ((value: string) => string);
+            /**
+             * Automatically add `sandbox=""` attribute to all `<iframe>` elements in editor content.
+             * Prevents embedded content from running scripts or accessing the parent page.
+             *
+             * ```javascript
+             * Jodit.make('#editor', {
+             *     cleanHTML: {
+             *         sandboxIframesInContent: true
+             *     }
+             * });
+             * ```
+             */
+            sandboxIframesInContent: boolean;
+            /**
+             * Convert unsafe embed elements to sandboxed `<iframe>`.
+             * - `['object', 'embed']` — default
+             * - `false` — disabled
+             * - `string[]` — custom list of tag names to convert
+             *
+             * ```javascript
+             * Jodit.make('#editor', {
+             *     cleanHTML: {
+             *         convertUnsafeEmbeds: Jodit.atom(['object', 'embed', 'applet'])
+             *     }
+             * });
+             * ```
+             */
+            convertUnsafeEmbeds: false | string[];
             /**
              * The allowTags option defines which elements will remain in the
              * edited text when the editor saves. You can use this limit the returned HTML.

package/types/plugins/clean-html/helpers/visitor/filters/convert-unsafe-embeds.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/*!
+ * Jodit Editor (https://xdsoft.net/jodit/)
+ * Released under MIT see LICENSE.txt in the project root for license information.
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
+ */
+/**
+ * @module plugins/clean-html
+ */
+import type { IJodit } from "../../../../../types/index";
+/**
+ * Convert `<object>` and `<embed>` elements to safer `<iframe>` elements.
+ * @private
+ */
+export declare function convertUnsafeEmbeds(jodit: IJodit, nodeElm: Node, hadEffect: boolean): boolean;

package/types/plugins/clean-html/helpers/visitor/filters/index.d.ts CHANGED Viewed

@@ -10,9 +10,13 @@
  * @private
  */
 export * from "./allow-attributes";
+export * from "./convert-unsafe-embeds";
 export * from "./fill-empty-paragraph";
 export * from "./remove-empty-text-node";
 export * from "./remove-inv-text-nodes";
 export * from "./replace-old-tags";
+export * from "./safe-links-target";
+export * from "./sandbox-iframes-in-content";
 export * from "./sanitize-attributes";
+export * from "./sanitize-styles";
 export * from "./try-remove-node";

package/types/plugins/clean-html/helpers/visitor/filters/safe-links-target.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/*!
+ * Jodit Editor (https://xdsoft.net/jodit/)
+ * Released under MIT see LICENSE.txt in the project root for license information.
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
+ */
+/**
+ * @module plugins/clean-html
+ */
+import type { IJodit } from "../../../../../types/index";
+/**
+ * Automatically add `rel="noopener noreferrer"` to links with `target="_blank"`
+ * @private
+ */
+export declare function safeLinksTarget(jodit: IJodit, nodeElm: Node, hadEffect: boolean): boolean;

package/types/plugins/clean-html/helpers/visitor/filters/sandbox-iframes-in-content.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/*!
+ * Jodit Editor (https://xdsoft.net/jodit/)
+ * Released under MIT see LICENSE.txt in the project root for license information.
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
+ */
+/**
+ * @module plugins/clean-html
+ */
+import type { IJodit } from "../../../../../types/index";
+/**
+ * Add `sandbox=""` attribute to all `<iframe>` elements in the editor content
+ * @private
+ */
+export declare function sandboxIframesInContent(jodit: IJodit, nodeElm: Node, hadEffect: boolean): boolean;

package/types/plugins/clean-html/helpers/visitor/filters/sanitize-styles.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/*!
+ * Jodit Editor (https://xdsoft.net/jodit/)
+ * Released under MIT see LICENSE.txt in the project root for license information.
+ * Copyright (c) 2013-2026 Valerii Chupurnov. All rights reserved. https://xdsoft.net
+ */
+/**
+ * @module plugins/clean-html
+ */
+import type { IJodit } from "../../../../../types/index";
+/**
+ * Filter CSS properties in style attributes based on allowedStyles whitelist
+ * @private
+ */
+export declare function sanitizeStyles(jodit: IJodit, nodeElm: Node, hadEffect: boolean): boolean;