Interface

HtmlEmbedConfig (html-embed)

@ckeditor/ckeditor5-html-embed/src/htmlembed

interface

The configuration of the HTML embed feature.

ClassicEditor
	.create( editorElement, {
		htmlEmbed: ... // HTML embed feature options.
	} )
	.then( ... )
	.catch( ... );

See all editor options.

Filtering

Properties

  • sanitizeHtml : function

    Callback used to sanitize the HTML provided by the user when generating previews of it in the editor.

    We strongly recommend overwriting the default function to avoid XSS vulnerabilities.

    Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.

    The function receives the input HTML (as a string), and should return an object that matches the HtmlEmbedSanitizeOutput interface.

    ClassicEditor
    		.create( editorElement, {
    			htmlEmbed: {
    				showPreviews: true,
    				sanitizeHtml( inputHtml ) {
    					// Strip unsafe elements and attributes, e.g.:
    					// the `<script>` elements and `on*` attributes.
    					const outputHtml = sanitize( inputHtml );
    
    					return {
    						html: outputHtml,
    						// true or false depending on whether the sanitizer stripped anything.
    						hasChanged: ...
    					};
    				},
    			}
    		} )
    		.then( ... )
    		.catch( ... );
    

    Note: The function is used only when the feature is configured to render previews.

  • showPreviews : Boolean

    Whether the feature should render previews of the embedded HTML.

    When set to true, the feature will produce a preview of the inserted HTML based on a sanitized version of the HTML provided by the user.

    The function responsible for sanitizing the HTML needs to be specified in config.htmlEmbed.sanitizeHtml().

    Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.

    Defaults to false