Fixes risks outline in #4600 by verifying that any src urls are valid
youtube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipualte the TipTap payload in a manner that bypasses the
youtube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
* Fix TipTap getting loaded as CommonJS when the intent is to use the ES Module version.
* `package.json` change also makes explicit exports required
* Update `core` utilities exports to include all utilities
* Update tests to use exported utilities
Previously, setting marks did no schema validation checks for dry runs
(like the `.can()` command). The `setMark` raw command will now properly
check if the mark is possible to be set given the editor node/mark
schema.
Co-authored-by: Cameron Hessler <cameron.hessler@buildertrend.com>
Declare lowlight as a peerDependency to delegate
the control of which version of lowlight is used
to the client application
Co-authored-by: Enrique Alcantara <ealcantara@gitlab.com>
* add new addOptions option
* replace defaultOptions with addOptions for all extensions
* replace defaultOptions with addOptions for all demos
* replace defaultOptions with addOptions in docs
* refactoring
* refactoring
* drop object support for addOptions
* fix optional options
* fix tests
* refactoring
* improve link regex
* WIP: add new markPasteRule und linkify to image mark
* move copy of inputrule to core
* trigger codeblock inputrule on enter
* refactoring
* add regex match to markpasterulematch
* refactoring
* improve link regex
* WIP: add new markPasteRule und linkify to image mark
* move copy of inputrule to core
* trigger codeblock inputrule on enter
* refactoring
* add regex match to markpasterulematch
* update linkify
* wip
* wip
* log
* wip
* remove debug code
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* wip
* rename matcher
* add data to ExtendedRegExpMatchArray
* remove logging
* add code option to marks, prevent inputrules in code mark
* remove link regex
* fix codeblock inputrule on enter
* refactoring
* refactoring
* refactoring
* refactoring
* fix position bug
* add test
* export InputRule and PasteRule
* clean up link demo
* fix types
Use the extension name when initializing the
LowlightPlugin. In this way, several extensions
can make use of the same plugin
Co-authored-by: Enrique Alcantara <ealcantara@gitlab.com>