tiptap/packages/extension-youtube
Cameron Hessler 04a11355a7 fix(extension-youtube) XSS risk with src tag
Fixes risks outlined in #4600 by verifying that any src URLs are valid
YouTube URLs before rendering as HTML. My thoughts are that this attack
vector would be difficult to use because the attacker would have to have
a way to manipulate the TipTap payload in a manner that bypasses the
YouTube extension's `setYoutubeVideo` command, which already checks for
valid URLs.
2023-11-20 18:48:22 +01:00
..
src fix(extension-youtube) XSS risk with src tag 2023-11-20 18:48:22 +01:00
CHANGELOG.md v2.1.12 2023-10-11 15:55:10 +02:00
package.json v2.1.12 2023-10-11 15:55:10 +02:00
README.md docs: consistent naming (#3882) 2023-03-27 11:20:31 +02:00
rollup.config.js fix: fix builds including prosemirror 2023-02-08 11:51:10 +01:00

@tiptap/extension-youtube


Introduction

Tiptap is a headless wrapper around ProseMirror, a toolkit for building rich text WYSIWYG editors, which is already in use at many well-known companies such as New York Times, The Guardian or Atlassian.

Official Documentation

Documentation can be found on the Tiptap website.

License

Tiptap is open sourced software licensed under the MIT license.