mirror of https://github.com/ueberdosis/tiptap.git, synced 2024-12-24 17:47:50 +08:00
04a11355a7
Fixes risks outlined in #4600 by verifying that any src urls are valid youtube URLs before rendering as HTML. My thoughts are that this attack vector would be difficult to use because the attacker would have to have a way to manipulate the TipTap payload in a manner that bypasses the youtube extension's `setYoutubeVideo` command, which already checks for valid URLs.
src
CHANGELOG.md
package.json
README.md
rollup.config.js
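The render-time check described in the commit message above, sketched as an added example (not Tiptap's code and not the commit's actual change). The function names, the host allowlist and the output shape are assumptions made for illustration.

```javascript
// Hypothetical allowlist of embed hosts (assumption, not taken from the extension).
const ALLOWED_HOSTS = new Set([
  'youtube.com',
  'www.youtube.com',
  'youtu.be',
  'www.youtube-nocookie.com',
]);

// True only for absolute https URLs whose host is exactly on the allowlist.
function isAllowedYoutubeUrl(src) {
  if (typeof src !== 'string') return false;
  let url;
  try {
    url = new URL(src); // throws on relative or malformed input
  } catch {
    return false;
  }
  if (url.protocol !== 'https:') return false;    // rejects javascript:, data:, http:
  if (url.username || url.password) return false; // rejects userinfo tricks before the host
  return ALLOWED_HOSTS.has(url.hostname);         // exact match, so look-alike suffixes fail
}

// Render step: re-validate the stored attribute, because document JSON loaded
// from storage or an API never passed through the insert command's check.
function renderYoutubeNode(node) {
  const src = node && node.attrs ? node.attrs.src : undefined;
  if (!isAllowedYoutubeUrl(src)) {
    return ['div', { class: 'video-embed' }];     // empty wrapper, no iframe emitted
  }
  return ['div', { class: 'video-embed' }, ['iframe', { src: new URL(src).href }]];
}

// Constructed sample nodes, as they might arrive in a stored document.
const SAMPLE_NODES = [
  { attrs: { src: 'https://www.youtube.com/embed/abc123' } },
  { attrs: { src: 'javascript:void(0)' } },
  { attrs: { src: 'https://www.youtube.com.attacker.example/embed/abc123' } },
  { attrs: { src: 'https://www.youtube.com@attacker.example/embed/abc123' } },
];

// Number of child elements rendered per sample: 1 means an iframe was emitted.
function renderedIframeCounts() {
  return SAMPLE_NODES.map((n) => renderYoutubeNode(n).length - 2);
}
```

Parsing with `URL` and comparing the exact hostname avoids the prefix and suffix mistakes that substring or loosely anchored pattern checks tend to make.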
@tiptap/extension-youtube
Introduction
Tiptap is a headless wrapper around ProseMirror – a toolkit for building rich text WYSIWYG editors, which is already in use at many well-known companies such as New York Times, The Guardian or Atlassian.
Official Documentation
Documentation can be found on the Tiptap website.
License
Tiptap is open-source software licensed under the MIT license.