UNPKG

@kolkov/angular-editor

Version:

A simple native WYSIWYG editor for Angular 20+. Rich Text editor component for Angular.

github.com/kolkov/angular-editor

kolkov/angular-editor

155 lines (118 loc) ā€¢ 7.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
<a name="3.0.5"></a> ## [3.0.5](https://github.com/kolkov/angular-editor/compare/v3.0.4...v3.0.5) (2026-01-30) ### Bug Fixes * **custom-class:** Preserve HTML structure in multiline selections ([#594](https://github.com/kolkov/angular-editor/issues/594)) ([#595](https://github.com/kolkov/angular-editor/pull/595)) - Fixed `createCustomClass()` stripping HTML when applying custom classes to multiline content - Added `mode` option to `CustomClass`: `'inline'`, `'block'`, `'auto'` (default) - Smart detection: inline mode for single blocks, block mode for multiple paragraphs - Block mode applies class to each block element (P, DIV, H1-H6, LI, etc.) - Uses DOM Range API with `extractContents()` + `insertNode()` instead of `sel.toString()` ### Features * **config:** Add `textDirection` option for RTL/LTR support ([#520](https://github.com/kolkov/angular-editor/issues/520)) ([#592](https://github.com/kolkov/angular-editor/pull/592)) - New config property: `textDirection?: 'ltr' | 'rtl' | 'auto'` - Binds to HTML `dir` attribute on editor element - Thanks to @jamesey2001 for the contribution --- <a name="3.0.4"></a> ## [3.0.4](https://github.com/kolkov/angular-editor/compare/v3.0.3...v3.0.4) (2025-12-18) - Security Hotfix ### Security * **CRITICAL:** Fixed XSS vulnerability in `toggleEditorMode()` method ([#580](https://github.com/kolkov/angular-editor/issues/580)) ([#587](https://github.com/kolkov/angular-editor/pull/587)) - XSS could execute when switching from HTML source mode back to WYSIWYG - User-entered HTML was set via innerHTML without sanitization - Sanitization now properly applied in both code paths - Thanks to @MarioTesoro for finding the root cause and submitting the fix ### Note v3.0.3 fix was incomplete - it only covered `refreshView()` but not `toggleEditorMode()`. This release provides complete XSS protection. ### Upgrade Recommendation **IMMEDIATE UPGRADE RECOMMENDED** for all users. This release completes the security fix started in v3.0.3. --- <a name="3.0.3"></a> ## [3.0.3](https://github.com/kolkov/angular-editor/compare/v3.0.2...v3.0.3) (2025-01-22) - Security Hotfix ### Security * **CRITICAL:** Fixed XSS vulnerability in `refreshView()` method ([#580](https://github.com/kolkov/angular-editor/issues/580)) ([774a97d](https://github.com/kolkov/angular-editor/commit/774a97d)) - XSS could bypass sanitizer when setting editor value via ngModel/formControl - Sanitization now properly applied to all innerHTML assignments - Thanks to @MarioTesoro for responsible disclosure with PoC ### Bug Fixes * **links:** Preserve relative URLs when editing existing links ([#359](https://github.com/kolkov/angular-editor/issues/359)) ([c691d30](https://github.com/kolkov/angular-editor/commit/c691d30)) - Use `getAttribute('href')` instead of `.href` property - Prevents adding hostname to relative paths * **debug:** Remove debug `console.log` statement from focus() method ([#324](https://github.com/kolkov/angular-editor/issues/324)) ([c691d30](https://github.com/kolkov/angular-editor/commit/c691d30)) ### Upgrade Recommendation **IMMEDIATE UPGRADE RECOMMENDED** for all users. This release fixes a critical security vulnerability. --- <a name="3.0.2"></a> ## [3.0.2](https://github.com/kolkov/angular-editor/compare/v3.0.1...v3.0.2) (2025-01-22) ### Bug Fixes * **toolbar:** toolbarHiddenButtons option now works without Bootstrap ([#544](https://github.com/kolkov/angular-editor/issues/544)) ([3563552](https://github.com/kolkov/angular-editor/commit/3563552)) * **image:** allow re-uploading same image after deletion ([#543](https://github.com/kolkov/angular-editor/issues/543), [#568](https://github.com/kolkov/angular-editor/issues/568), [#503](https://github.com/kolkov/angular-editor/issues/503)) ([7d21718](https://github.com/kolkov/angular-editor/commit/7d21718)) * **video:** support YouTube short URLs (youtu.be format) ([#557](https://github.com/kolkov/angular-editor/issues/557), [#554](https://github.com/kolkov/angular-editor/issues/554)) ([4aa8397](https://github.com/kolkov/angular-editor/commit/4aa8397)) ### Maintenance * **issues:** Systematic triage completed - 61 issues closed, 249 remain open * **documentation:** Added issue triage session record --- <a name="3.0.1"></a> ## [3.0.1](https://github.com/kolkov/angular-editor/compare/v3.0.0...v3.0.1) (2025-11-22) ### Bug Fixes * **Icons:** Fixed list icons (unordered/ordered) display consistency in toolbar ### CI/CD * **GitHub Actions:** Added automated npm publishing workflow * **npm Publishing:** Configured Granular Access Token authentication * **GitHub Releases:** Automated release creation with changelog --- <a name="3.0.0"></a> ## [3.0.0](https://github.com/kolkov/angular-editor/compare/v2.0.0...v3.0.0) (2025-11-22) Major Angular 20 Upgrade šŸŽ‰ **Stable Release** - Production Ready! ### Breaking Changes * **Angular Version:** Minimum required version is now Angular 20.0.0 * **RxJS:** Requires RxJS 7.8.0 or higher (upgraded from 6.5.5) * **TypeScript:** Requires TypeScript 5.4 or higher * **zone.js:** Updated to 0.15.1 ### Features * **Angular 20 Support:** Full compatibility with Angular 20.3.13 (v20-lts) * **Angular 21 Ready:** Forward compatible with Angular 21.x * **Modern Build System:** Updated to latest ng-packagr 20.3.2 * **Enhanced Type Safety:** Improved TypeScript strict mode compliance * **Font Awesome Removed:** No external icon dependencies - using pure SVG icons (27 icons) * **Zero External Icon Dependencies:** Fully self-contained icon system ### Migration Path * Migrated through: Angular 13 ā†’ 18 ā†’ 19 ā†’ 20 * All Angular CLI migrations applied successfully * Updated DOCUMENT import from @angular/core (Angular 20 requirement) * Modernized test infrastructure (waitForAsync) ### Developer Experience * **ESLint:** Updated to @angular-eslint 20.x * **Linting:** All files pass linting (0 errors) * **Build:** Both development and production builds verified * **Tests:** 13/13 tests passing (100% success rate) ### Bug Fixes * **Tests:** Fixed AeSelectComponent tests for mousedown event handling * **Demo:** Updated demo app for Angular 20 compatibility ### Technical Details * Removed deprecated `async` test helper (use `waitForAsync`) * Fixed TypeScript strict type checking for event handlers * Disabled new strict rules for backward compatibility (prefer-standalone, prefer-inject) * Updated moduleResolution to 'bundler' (Angular 20 standard) ### Peer Dependencies ```json { "@angular/common": "^20.0.0 || ^21.0.0", "@angular/core": "^20.0.0 || ^21.0.0", "@angular/forms": "^20.0.0 || ^21.0.0", "rxjs": "^7.8.0" } ``` <a name="3.0.0-beta.2"></a> ## [3.0.0-beta.2](https://github.com/kolkov/angular-editor/compare/v3.0.0-beta.1...v3.0.0-beta.2) (2025-01-10) * Refactor ae-select component (button ā†’ span) <a name="2.0.0"></a> ## [2.0.0](https://github.com/kolkov/angular-editor/compare/v1.2.0...v2.0.0) (2022-01-06) Major release * Update to Angular v.13 and new Ivy compatible package format <a name="1.0.2"></a> ## [1.0.2](https://github.com/kolkov/angular-editor/compare/v1.0.1...v1.0.2) (2019-11-28) Technical release * Readme update for npmjs.com <a name="1.0.1"></a> ## [1.0.1](https://github.com/kolkov/angular-editor/compare/v1.0.0...v1.0.1) (2019-11-27) Technical release * Fix logo at npmjs.com readme <a name="1.0.0"></a> ## [1.0.0](https://github.com/kolkov/angular-editor/compare/v1.0.0-rc.2...v1.0.0) (2019-11-27) Initial release