Fixes risks outlined in #4600 by verifying that any src URLs are valid
YouTube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipulate the TipTap payload in a manner that bypasses the
YouTube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
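
A render-time check of the kind the commit message above describes, as an added example that is not tiptap's own code. The host allowlist and the names `isValidYoutubeSrc` and `renderYoutubeNode` are assumptions made for this illustration.

```javascript
// Added example (not from the tiptap code base).
// Assumed allowlist of hostnames accepted as YouTube sources.
const ALLOWED_HOSTS = new Set([
  'www.youtube.com',
  'youtube.com',
  'www.youtube-nocookie.com',
  'youtu.be',
]);

// True only for absolute https URLs whose exact hostname is allowlisted.
function isValidYoutubeSrc(src) {
  if (typeof src !== 'string') return false;
  let url;
  try {
    url = new URL(src); // throws on relative, empty or malformed input
  } catch {
    return false;
  }
  if (url.protocol !== 'https:') return false;     // rejects javascript:, data:, http:
  if (url.username || url.password) return false;  // no credentials in the URL
  return ALLOWED_HOSTS.has(url.hostname);          // exact match, not substring or suffix
}

// Hypothetical render step: a stored node becomes iframe attributes,
// or null so that nothing is emitted for an untrusted src.
function renderYoutubeNode(node) {
  const src = node && node.attrs ? node.attrs.src : undefined;
  if (!isValidYoutubeSrc(src)) return null;
  return ['iframe', { src: new URL(src).href, allowfullscreen: 'true' }];
}

// Constructed sample nodes, as if loaded from stored JSON without
// passing through the editor command that validates URLs on insert.
const samples = [
  { attrs: { src: 'https://www.youtube.com/embed/abc123' } },
  { attrs: { src: 'javascript:alert(1)' } },
  { attrs: { src: 'https://www.youtube.com.evil.example/embed/abc123' } },
  { attrs: { src: 'http://www.youtube.com/embed/abc123' } },
  { attrs: {} },
];

for (const node of samples) {
  console.log(JSON.stringify(node.attrs.src), '->', renderYoutubeNode(node) ? 'rendered' : 'dropped');
}
```

Validating again at render time matters because the stored document, not the editor command, is what reaches the HTML output.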
Declare lowlight as a peerDependency to delegate
the control of which version of lowlight is used
to the client application
Co-authored-by: Enrique Alcantara <ealcantara@gitlab.com>
* refactoring
* improve link regex
* WIP: add new markPasteRule and linkify to image mark
* move copy of inputrule to core
* trigger codeblock inputrule on enter
* refactoring
* add regex match to markpasterulematch
* refactoring
* improve link regex
* WIP: add new markPasteRule and linkify to image mark
* move copy of inputrule to core
* trigger codeblock inputrule on enter
* refactoring
* add regex match to markpasterulematch
* update linkify
* wip
* wip
* log
* wip
* remove debug code
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* rename matcher
* add data to ExtendedRegExpMatchArray
* remove logging
* add code option to marks, prevent inputrules in code mark
* remove link regex
* fix codeblock inputrule on enter
* refactoring
* refactoring
* refactoring
* refactoring
* fix position bug
* add test
* export InputRule and PasteRule
* clean up link demo
* fix types
Use the extension name when initializing the
LowlightPlugin. In this way, several extensions
can make use of the same plugin
Co-authored-by: Enrique Alcantara <ealcantara@gitlab.com>