Bug fix for issue #724; XSS issue when importing through getHTML() function; remove usage of innerHTML and pre-parse the string using native JS DOMParser

packages/tiptap/src/Editor.js

@@ -52,20 +52,13 @@ export default class Editor extends Emitter {
       dropCursor: {},
       parseOptions: {},
       injectCSS: true,
-      onInit: () => {
+      onInit: () => {},
-      },
+      onTransaction: () => {},
-      onTransaction: () => {
+      onUpdate: () => {},
-      },
+      onFocus: () => {},
-      onUpdate: () => {
+      onBlur: () => {},
-      },
+      onPaste: () => {},
-      onFocus: () => {
+      onDrop: () => {},
-      },
-      onBlur: () => {
-      },
-      onPaste: () => {
-      },
-      onDrop: () => {
-      },
     }
 
     this.events = [
@@ -110,8 +103,7 @@ export default class Editor extends Emitter {
     }
 
     this.events.forEach(name => {
-      this.on(name, this.options[camelCase(`on ${name}`)] || (() => {
+      this.on(name, this.options[camelCase(`on ${name}`)] || (() => {}))
-      }))
     })
 
     this.emit('init', {
@@ -283,7 +275,6 @@ export default class Editor extends Emitter {
       const htmlString = `<div>${content}</div>`;
       const parser = new window.DOMParser;
       const element = parser.parseFromString(htmlString, "text/html").body.firstChild;
-
       return DOMParser.fromSchema(this.schema).parse(element, parseOptions)
     }
 
@@ -293,12 +284,8 @@ export default class Editor extends Emitter {
   createView() {
     return new EditorView(this.element, {
       state: this.createState(),
-      handlePaste: (...args) => {
+      handlePaste: (...args) => { this.emit('paste', ...args) },
-        this.emit('paste', ...args)
+      handleDrop: (...args) => { this.emit('drop', ...args) },
-      },
-      handleDrop: (...args) => {
-        this.emit('drop', ...args)
-      },
       dispatchTransaction: this.dispatchTransaction.bind(this),
     })
   }