suneditor 3.1.3 → 3.1.4

package/types/core/schema/options.d.ts

@@ -25,6 +25,8 @@ export namespace DEFAULTS {
 	};
 	let CONTENT_STYLES: string;
 	let TAG_STYLES: {
+		'@text': string;
+		'@line': string;
 		'table|th|td': string;
 		'table|td': string;
 		tr: string;
@@ -36,8 +38,6 @@ export namespace DEFAULTS {
 		'img|video|iframe': string;
 		hr: string;
 	};
-	let SPAN_STYLES: string;
-	let LINE_STYLES: string;
 	let RETAIN_STYLE_MODE: string[];
 }
 /**
@@ -263,7 +263,7 @@ export namespace DEFAULTS {
  * - `classFilter`: Filters disallowed CSS class names (`allowedClassName`)
  * - `textStyleTagFilter`: Filters text style tags (b, i, u, span, etc.)
  * - `attrFilter`: Filters disallowed HTML attributes (`attributeWhitelist`/`attributeBlacklist`)
- * - `styleFilter`: Filters disallowed inline styles (`spanStyles`/`lineStyles`/`allUsedStyles`)
+ * - `styleFilter`: Filters disallowed inline styles (per-tag from `tagStyles`)
  * ```js
  * // disable only attribute and style filters
  * {
@@ -339,19 +339,23 @@ export namespace DEFAULTS {
  * ```js
  * { allUsedStyles: 'color|background-color|text-shadow' }
  * ```
- * @property {Object<string, string>} [tagStyles={}] - Specifies allowed styles for HTML tags. Key is tag name(s), value is pipe-delimited allowed styles.
+ * @property {Object<string, string>} [tagStyles={}] - Specifies allowed CSS styles per HTML tag.
+ * - Key is a tag name, multiple tags joined with `|`, or a category sentinel (`@text`, `@line`).
+ * - Value is a pipe-delimited list of allowed style names.
+ * - Resolution order when filtering an element: explicit tag entry → `@line` (for formatLine elements) → `@text` (for textStyleTags).
+ * - An explicit tag entry **replaces** the category default — include category styles in the value if you want both.
+ * - Merged with {@link DEFAULTS.TAG_STYLES}; user-supplied keys win.
  * ```js
  * {
  *   tagStyles: {
- *     'table|td': 'border|color|background-color',
- *     hr: 'border-top'
+ *     '@text': 'color|font-size|background-color',  // default for span, b, i, em, ...
+ *     '@line': 'text-align|margin|line-height',     // default for p, h1-h6, div, li, ...
+ *     'table|td': 'border|color|background-color',  // per-tag whitelist
+ *     div: 'color',                                   // explicit override; ignores `@line` default
+ *     hr: 'border-top',
  *   }
  * }
  * ```
- * @property {string} [spanStyles=CONSTANTS.SPAN_STYLES] - Specifies allowed styles for the `span` tag.
- * - The default follows {@link DEFAULTS.SPAN_STYLES}
- * @property {string} [lineStyles=CONSTANTS.LINE_STYLES] - Specifies allowed styles for the `line` element (p..).
- * - The default follows {@link DEFAULTS.LINE_STYLES}
  * @property {Array<string>} [fontSizeUnits=CONSTANTS.SIZE_UNITS] - Allowed font size units.
  * - The default follows {@link DEFAULTS.SIZE_UNITS}
  * @property {"repeat"|"always"|"none"} [retainStyleMode="repeat"] - Determines how inline elements (e.g. `<span>`, `<strong>`) are handled when deleting text.
@@ -570,8 +574,6 @@ export namespace DEFAULTS {
  * @property {string[]} [_reverseCommandArray] - Internal key shortcut matcher for reverse commands.
  * @property {string} [_subMode] - Sub toolbar mode (e.g., `balloon`).
  * @property {string[]} [_textStyleTags] - Tag names used for text styling, plus span/li.
- * @property {RegExp} [_textStylesRegExp] - Regex to match inline styles (e.g., fontSize, color).
- * @property {RegExp} [_lineStylesRegExp] - Regex to match line styles (e.g., text-align, padding).
  * @property {Object<string, string>} [_defaultStyleTagMap] - Mapping HTML tag => standard tag.
  * @property {Object<string, string>} [_styleCommandMap] - Mapping HTML tag => command (e.g., bold, underline).
  * @property {Object<string, string>} [_defaultTagCommand] - Mapping command => preferred tag.
@@ -985,7 +987,7 @@ export type EditorBaseOptions = {
 	 * - `classFilter`: Filters disallowed CSS class names (`allowedClassName`)
 	 * - `textStyleTagFilter`: Filters text style tags (b, i, u, span, etc.)
 	 * - `attrFilter`: Filters disallowed HTML attributes (`attributeWhitelist`/`attributeBlacklist`)
-	 * - `styleFilter`: Filters disallowed inline styles (`spanStyles`/`lineStyles`/`allUsedStyles`)
+	 * - `styleFilter`: Filters disallowed inline styles (per-tag from `tagStyles`)
 	 * ```js
 	 * // disable only attribute and style filters
 	 * {
@@ -1106,12 +1108,20 @@ export type EditorBaseOptions = {
 	 */
 	allUsedStyles?: string;
 	/**
-	 * - Specifies allowed styles for HTML tags. Key is tag name(s), value is pipe-delimited allowed styles.
+	 * - Specifies allowed CSS styles per HTML tag.
+	 * - Key is a tag name, multiple tags joined with `|`, or a category sentinel (`@text`, `@line`).
+	 * - Value is a pipe-delimited list of allowed style names.
+	 * - Resolution order when filtering an element: explicit tag entry → `@line` (for formatLine elements) → `@text` (for textStyleTags).
+	 * - An explicit tag entry **replaces** the category default — include category styles in the value if you want both.
+	 * - Merged with {@link DEFAULTS.TAG_STYLES}; user-supplied keys win.
 	 * ```js
 	 * {
 	 * tagStyles: {
-	 * 'table|td': 'border|color|background-color',
-	 * hr: 'border-top'
+	 * '@text': 'color|font-size|background-color',  // default for span, b, i, em, ...
+	 * '@line': 'text-align|margin|line-height',     // default for p, h1-h6, div, li, ...
+	 * 'table|td': 'border|color|background-color',  // per-tag whitelist
+	 * div: 'color',                                   // explicit override; ignores `@line` default
+	 * hr: 'border-top',
 	 * }
 	 * }
 	 * ```
@@ -1119,16 +1129,6 @@ export type EditorBaseOptions = {
 	tagStyles?: {
 		[x: string]: string;
 	};
-	/**
-	 * - Specifies allowed styles for the `span` tag.
-	 * - The default follows {@link DEFAULTS.SPAN_STYLES}
-	 */
-	spanStyles?: string;
-	/**
-	 * - Specifies allowed styles for the `line` element (p..).
-	 * - The default follows {@link DEFAULTS.LINE_STYLES}
-	 */
-	lineStyles?: string;
 	/**
 	 * - Allowed font size units.
 	 * - The default follows {@link DEFAULTS.SIZE_UNITS}
@@ -1501,14 +1501,6 @@ export type InternalBaseOptions = {
 	 * - Tag names used for text styling, plus span/li.
 	 */
 	_textStyleTags?: string[];
-	/**
-	 * - Regex to match inline styles (e.g., fontSize, color).
-	 */
-	_textStylesRegExp?: RegExp;
-	/**
-	 * - Regex to match line styles (e.g., text-align, padding).
-	 */
-	_lineStylesRegExp?: RegExp;
 	/**
 	 * - Mapping HTML tag => standard tag.
 	 */
@@ -1602,7 +1594,7 @@ export type StrictModeOptions = {
 	 */
 	attrFilter: boolean;
 	/**
-	 * - Filters disallowed inline styles (`spanStyles`/`lineStyles`/`allUsedStyles`)
+	 * - Filters disallowed inline styles (per-tag from `tagStyles`)
 	 */
 	styleFilter: boolean;
 };

package/types/modules/contract/Browser.d.ts

@@ -102,7 +102,7 @@ export type BrowserParams = {
 	/**
 	 * - File server search http header. Optional. Can be overridden in browser.
 	 */
-	searchUrlHeader?: {
+	searchHeaders?: {
 		[x: string]: string;
 	};
 	/**
@@ -172,7 +172,7 @@ export type BrowserParams = {
  *   ]
  * }
  * ```
- * @property {Object<string, string>} [searchUrlHeader] - File server search http header. Optional. Can be overridden in browser.
+ * @property {Object<string, string>} [searchHeaders] - File server search http header. Optional. Can be overridden in browser.
  * @property {string} [listClass] - Class name of list div. Required. Can be overridden in browser.
  * @property {(item: BrowserFile) => string} [drawItemHandler] - Function that returns HTML string for rendering each file item. Required. Can be overridden in browser.
  * ```js
@@ -227,11 +227,11 @@ declare class Browser {
 				[x: string]: any;
 		  };
 	url: string;
-	urlHeader: {
+	headers: {
 		[x: string]: string;
 	};
 	searchUrl: string;
-	searchUrlHeader: {
+	searchHeaders: {
 		[x: string]: string;
 	};
 	drawItemHandler: any;
@@ -276,7 +276,7 @@ declare class Browser {
 	 * @param {string} [params.listClass] - Class name of list div. If not, use `this.listClass`.
 	 * @param {string} [params.title] - File browser window title. If not, use `this.title`.
 	 * @param {string} [params.url] - File server url. If not, use `this.url`.
-	 * @param {Object<string, string>} [params.urlHeader] - File server http header. If not, use `this.urlHeader`.
+	 * @param {Object<string, string>} [params.headers] - File server http header. If not, use `this.headers`.
 	 * @example
 	 * // Open with default settings (configured at construction):
 	 * this.browser.open();
@@ -285,14 +285,14 @@ declare class Browser {
 	 * this.browser.open({
 	 *   title: 'Select a video',
 	 *   url: '/api/videos',
-	 *   urlHeader: { Authorization: 'Bearer token' },
+	 *   headers: { Authorization: 'Bearer token' },
 	 * });
 	 */
 	open(params?: {
 		listClass?: string;
 		title?: string;
 		url?: string;
-		urlHeader?: {
+		headers?: {
 			[x: string]: string;
 		};
 	}): void;

package/types/modules/ui/ModalAnchorEditor.d.ts

@@ -196,6 +196,8 @@ declare class ModalAnchorEditor {
 	/**
 	 * @description Creates an anchor (`<a>`) element with the specified attributes.
 	 * @param {boolean} notText - If `true`, the anchor will not contain text content.
+	 * @param {?string} [urlOverride] - Fallback URL used when the modal's `linkValue` is empty
+	 * - (e.g., when called outside the modal lifecycle such as from `retainFormat`)
 	 * @returns {HTMLElement|null} - The newly created anchor element, or `null` if the URL is empty.
 	 * @example
 	 * // In a link plugin — create anchor with text content:
@@ -208,8 +210,11 @@ declare class ModalAnchorEditor {
 	 * if (anchor) {
 	 *   anchor.appendChild(imgElement);
 	 * }
+	 *
+	 * // Preserve an existing parent anchor's href when rebuilding outside the modal:
+	 * const anchor = this.anchor.create(true, parentAnchor.href);
 	 */
-	create(notText: boolean): HTMLElement | null;
+	create(notText: boolean, urlOverride?: string | null): HTMLElement | null;
 	/**
 	 * @description Resets the ModalAnchorEditor to its initial state.
 	 */

package/types/plugins/browser/audioGallery.d.ts

@@ -28,6 +28,18 @@ export type AudioGalleryPluginOptions = {
 	headers?: {
 		[x: string]: string;
 	};
+	/**
+	 * - Server-side search URL. When set, the keyword is sent to this URL
+	 * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+	 * already-loaded items locally.
+	 */
+	searchUrl?: string;
+	/**
+	 * - Server-side search request headers
+	 */
+	searchHeaders?: {
+		[x: string]: string;
+	};
 	/**
 	 * - Default thumbnail
 	 */
@@ -51,6 +63,10 @@ export type AudioGalleryPluginOptions = {
  * }
  * ```
  * @property {Object<string, string>} [headers] - Server request headers
+ * @property {string} [searchUrl] - Server-side search URL. When set, the keyword is sent to this URL
+ * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+ * already-loaded items locally.
+ * @property {Object<string, string>} [searchHeaders] - Server-side search request headers
  * @property {string|((item: SunEditor.Module.Browser.File) => string)} [thumbnail] - Default thumbnail
  */
 /**

package/types/plugins/browser/fileBrowser.d.ts

@@ -39,6 +39,18 @@ export type FileBrowserPluginOptions = {
 	headers?: {
 		[x: string]: string;
 	};
+	/**
+	 * - Server-side search URL. When set, the keyword is sent to this URL
+	 * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+	 * already-loaded items locally.
+	 */
+	searchUrl?: string;
+	/**
+	 * - Server-side search request headers
+	 */
+	searchHeaders?: {
+		[x: string]: string;
+	};
 	/**
 	 * - Default thumbnail URL or a function that returns a thumbnail URL per item.
 	 */
@@ -80,6 +92,10 @@ export type FileBrowserPluginOptions = {
  * }
  * ```
  * @property {Object<string, string>} [headers] - Server request headers
+ * @property {string} [searchUrl] - Server-side search URL. When set, the keyword is sent to this URL
+ * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+ * already-loaded items locally.
+ * @property {Object<string, string>} [searchHeaders] - Server-side search request headers
  * @property {string|((item: SunEditor.Module.Browser.File) => string)} [thumbnail] - Default thumbnail URL or a function that returns a thumbnail URL per item.
  * @property {number} [expand=1] - Initial folder expand depth. `1` expands the first level, `Infinity` expands all. Default: `1`.
  * @property {Array<string>} [props] - Additional tag names

package/types/plugins/browser/fileGallery.d.ts

@@ -29,6 +29,18 @@ export type FileGalleryPluginOptions = {
 	headers?: {
 		[x: string]: string;
 	};
+	/**
+	 * - Server-side search URL. When set, the keyword is sent to this URL
+	 * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+	 * already-loaded items locally.
+	 */
+	searchUrl?: string;
+	/**
+	 * - Server-side search request headers
+	 */
+	searchHeaders?: {
+		[x: string]: string;
+	};
 	/**
 	 * - Default thumbnail
 	 */
@@ -53,6 +65,10 @@ export type FileGalleryPluginOptions = {
  * }
  * ```
  * @property {Object<string, string>} [headers] - Server request headers
+ * @property {string} [searchUrl] - Server-side search URL. When set, the keyword is sent to this URL
+ * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+ * already-loaded items locally.
+ * @property {Object<string, string>} [searchHeaders] - Server-side search request headers
  * @property {string|((item: SunEditor.Module.Browser.File) => string)} [thumbnail] - Default thumbnail
  */
 /**

package/types/plugins/browser/imageGallery.d.ts

@@ -29,6 +29,18 @@ export type ImageGalleryPluginOptions = {
 	headers?: {
 		[x: string]: string;
 	};
+	/**
+	 * - Server-side search URL. When set, the keyword is sent to this URL
+	 * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+	 * already-loaded items locally.
+	 */
+	searchUrl?: string;
+	/**
+	 * - Server-side search request headers
+	 */
+	searchHeaders?: {
+		[x: string]: string;
+	};
 };
 /**
  * @typedef ImageGalleryPluginOptions
@@ -49,6 +61,10 @@ export type ImageGalleryPluginOptions = {
  * }
  * ```
  * @property {Object<string, string>} [headers] - Server request headers
+ * @property {string} [searchUrl] - Server-side search URL. When set, the keyword is sent to this URL
+ * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+ * already-loaded items locally.
+ * @property {Object<string, string>} [searchHeaders] - Server-side search request headers
  */
 /**
  * @class

package/types/plugins/browser/videoGallery.d.ts

@@ -29,6 +29,18 @@ export type VideoGalleryPluginOptions = {
 	headers?: {
 		[x: string]: string;
 	};
+	/**
+	 * - Server-side search URL. When set, the keyword is sent to this URL
+	 * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+	 * already-loaded items locally.
+	 */
+	searchUrl?: string;
+	/**
+	 * - Server-side search request headers
+	 */
+	searchHeaders?: {
+		[x: string]: string;
+	};
 	/**
 	 * - Default thumbnail
 	 */
@@ -53,6 +65,10 @@ export type VideoGalleryPluginOptions = {
  * }
  * ```
  * @property {Object<string, string>} [headers] - Server request headers
+ * @property {string} [searchUrl] - Server-side search URL. When set, the keyword is sent to this URL
+ * as `?keyword=<value>` and the server response replaces the list. When not set, search filters the
+ * already-loaded items locally.
+ * @property {Object<string, string>} [searchHeaders] - Server-side search request headers
  * @property {string|((item: SunEditor.Module.Browser.File) => string)} [thumbnail] - Default thumbnail
  */
 /**

package/types/plugins/modal/embed.d.ts

@@ -78,6 +78,20 @@ export type EmbedPluginOptions = {
 	 * - Additional URL patterns to recognize as embeddable content.
 	 */
 	urlPatterns?: Array<RegExp>;
+	/**
+	 * - Allowed `<script src=...>` patterns for raw embed HTML
+	 * - (e.g. Twitter blockquote + `widgets.js`). Each entry is a `RegExp` (tested against the full src) or a `string` (matched via `startsWith`).
+	 * - Defaults to `[]` — all script tags are rejected.** Inline scripts (no `src`) are always rejected.
+	 * ```js
+	 * {
+	 * scriptSrcWhitelist: [
+	 * /^https:\/\/platform\.x\.com\/widgets\.js$/,
+	 * /^https:\/\/www\.instagram\.com\/embed\.js$/,
+	 * ]
+	 * }
+	 * ```
+	 */
+	scriptSrcWhitelist?: Array<RegExp | string>;
 	/**
 	 * - Custom embed service definitions.
 	 * Each key is a service name, with `pattern` to match the URL, `action` to transform it into an embed URL, and `tag` for the output element.
@@ -150,6 +164,17 @@ export type EmbedPluginOptions = {
  * { query_vimeo: 'autoplay=1' }
  * ```
  * @property {Array<RegExp>} [urlPatterns] - Additional URL patterns to recognize as embeddable content.
+ * @property {Array<RegExp|string>} [scriptSrcWhitelist] - Allowed `<script src=...>` patterns for raw embed HTML
+ * - (e.g. Twitter blockquote + `widgets.js`). Each entry is a `RegExp` (tested against the full src) or a `string` (matched via `startsWith`).
+ * - Defaults to `[]` — all script tags are rejected.** Inline scripts (no `src`) are always rejected.
+ * ```js
+ * {
+ *   scriptSrcWhitelist: [
+ *     /^https:\/\/platform\.x\.com\/widgets\.js$/,
+ *     /^https:\/\/www\.instagram\.com\/embed\.js$/,
+ *   ]
+ * }
+ * ```
  * @property {Object<string, {pattern: RegExp, action: (url: string) => string, tag: string}>} [embedQuery] - Custom embed service definitions.
  * Each key is a service name, with `pattern` to match the URL, `action` to transform it into an embed URL, and `tag` for the output element.
  * ```js
@@ -189,6 +214,14 @@ declare class Embed extends PluginModal {
 	 * @returns {boolean} `true` if the URL matches a known pattern; otherwise, `false`.
 	 */
 	static #checkContentType(url: string): boolean;
+	/**
+	 * @description Validate a `<script src>` against the configured whitelist for raw embed HTML.
+	 * Inline scripts (no `src`) are always rejected.
+	 * @param {string} src
+	 * @param {Array<RegExp|string>} whitelist
+	 * @returns {boolean}
+	 */
+	static #isAllowedScriptSrc(src: string, whitelist: Array<RegExp | string>): boolean;
 	/** @type {Array<RegExp>} */
 	static #urlPatterns: Array<RegExp>;
 	/**
@@ -215,6 +248,7 @@ declare class Embed extends PluginModal {
 		};
 		query_youtube: string;
 		query_vimeo: string;
+		scriptSrcWhitelist: (string | RegExp)[];
 		insertBehavior: SunEditor.ComponentInsertType;
 	};
 	modal: Modal;