HtmlEmbedConfig (html-embed)

@ckeditor/ckeditor5-html-embed/src/htmlembed

ClassicEditor
	.create( editorElement, {
		htmlEmbed: ... // HTML embed feature options.
	} )
	.then( ... )
	.catch( ... );

Properties

• sanitizeHtml : functionmodule:html-embed/htmlembed~HtmlEmbedConfig#sanitizeHtml

  Callback used to sanitize the HTML provided by the user when generating previews of it in the editor.

  See source

  We strongly recommend overwriting the default function to avoid XSS vulnerabilities.

  Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.

  The function receives the input HTML (as a string), and should return an object that matches the HtmlEmbedSanitizeOutput interface.

  ClassicEditor
  		.create( editorElement, {
  			htmlEmbed: {
  				showPreviews: true,
  				sanitizeHtml( inputHtml ) {
  					// Strip unsafe elements and attributes, e.g.:
  					// the `<script>` elements and `on*` attributes.
  					const outputHtml = sanitize( inputHtml );
  
  					return {
  						html: outputHtml,
  						// true or false depending on whether the sanitizer stripped anything.
  						hasChanged: ...
  					};
  				},
  			}
  		} )
  		.then( ... )
  		.catch( ... );
  

  Copy

  Note: The function is used only when the feature is configured to render previews.

• showPreviews : Booleanmodule:html-embed/htmlembed~HtmlEmbedConfig#showPreviews

  Whether the feature should render previews of the embedded HTML.

  See source

  When set to true, the feature will produce a preview of the inserted HTML based on a sanitized version of the HTML provided by the user.

  The function responsible for sanitizing the HTML needs to be specified in config.htmlEmbed.sanitizeHtml().

  Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.

  Defaults to false