v0.18.2 - Security fixes

@artf artf released this 27 Jan 13:54
· 1581 commits to dev since this release

Added

  • Added Component.getInnerHTML method.
  • Added withProps and altQuoteAttr options to Component.toHTML method.
  • Added onlyMatched option to CSS code generator.
  • Added new options to editor.Parser.parseHtml.
  • Added config.parser.optionsHtml configuration options.

Changed

  • Make the component resize command more extendable #4097
  • Deprecated config.allowScripts in favor of config.parser.optionsHtml.allowScripts.
    ⚠️ As before, config.parser.optionsHtml.allowScripts is false by default, but unsafe attributes (e.g. on* inline event handlers) are now also removed from parsed HTML. If you need to keep unsafe attributes, enable the config.parser.optionsHtml.allowUnsafeAttr option.
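
The effect of the two parser options described above, modelled as an added example (this is not GrapesJS source code). The function `sanitizeNodes`, the simplified node shape and the sample input are assumptions made for illustration; only the option names `allowScripts` and `allowUnsafeAttr` come from the release note.

```javascript
// Illustrative model only: NOT the GrapesJS parser. It mimics the behaviour the
// release note describes for config.parser.optionsHtml, i.e. roughly:
//   grapesjs.init({ parser: { optionsHtml: { allowScripts: false, allowUnsafeAttr: false } } })
const DEFAULTS = { allowScripts: false, allowUnsafeAttr: false };

// Inline event handlers (onclick, onerror, onload, ...). The match is deliberately
// broad: any attribute starting with "on" is treated as unsafe (fail closed).
const isEventHandlerAttr = (name) => /^on/i.test(name);

// `nodes` is a constructed, simplified parse tree: { tag, attributes, children }.
function sanitizeNodes(nodes, options = {}) {
  const opts = { ...DEFAULTS, ...options };
  const out = [];
  for (const node of nodes) {
    const tag = String(node.tag || '').toLowerCase();
    // <script> elements are dropped whole unless explicitly allowed.
    if (tag === 'script' && !opts.allowScripts) continue;
    const attributes = {};
    for (const [name, value] of Object.entries(node.attributes || {})) {
      // on* attributes are stripped unless the integrator opts back in.
      if (!opts.allowUnsafeAttr && isEventHandlerAttr(name)) continue;
      attributes[name] = value;
    }
    out.push({ tag, attributes, children: sanitizeNodes(node.children || [], opts) });
  }
  return out;
}

// Constructed sample input, equivalent to:
// <div onclick="alert(1)"><img src="a.png" onerror="alert(1)"><script>alert(1)</script></div>
const sample = [{
  tag: 'div',
  attributes: { onclick: 'alert(1)' },
  children: [
    { tag: 'img', attributes: { src: 'a.png', onerror: 'alert(1)' } },
    { tag: 'script', attributes: {}, children: [] },
  ],
}];

const strict = sanitizeNodes(sample);                            // new defaults
const legacy = sanitizeNodes(sample, { allowUnsafeAttr: true }); // explicit opt-in
console.log(JSON.stringify(strict));
console.log(JSON.stringify(legacy));
```

With the defaults, both the `<script>` element and the `on*` attributes are gone while `src` survives; setting `allowUnsafeAttr` brings the handlers back but still drops the script.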

Fixed

  • Fix XSS in ClassTagsView #4076
  • Fix external D&D for Image components #4094