HtmlEmbedConfig

interface

The configuration of the HTML embed feature.

ClassicEditor
  .create( editorElement, {
    htmlEmbed: ... // HTML embed feature options.
  } )
  .then( ... )
  .catch( ... );

See all editor options.

Properties

  • sanitizeHtml : ( html: string ) => HtmlEmbedSanitizeOutput | undefined

    Callback used to sanitize the HTML provided by the user in the HTML embed widget when it is previewed inside the editor.

    We strongly recommend overwriting the default function to avoid XSS vulnerabilities.

    Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.

    The function receives the input HTML (as a string), and should return an object that matches the HtmlEmbedSanitizeOutput interface.

    ClassicEditor
      .create( editorElement, {
        htmlEmbed: {
          showPreviews: true,
          sanitizeHtml( inputHtml ) {
            // Strip unsafe elements and attributes, e.g.:
            // the `<script>` elements and `on*` attributes.
            const outputHtml = sanitize( inputHtml );

            return {
              html: outputHtml,
              // true or false depending on whether the sanitizer stripped anything.
              hasChanged: ...
            };
          },
        }
      } )
      .then( ... )
      .catch( ... );

    Note: The function is used only when the feature is configured to render previews.

  • showPreviews : boolean | undefined

    Whether the feature should render previews of the embedded HTML.

    When set to true, the feature will produce a preview of the inserted HTML based on a sanitized version of the HTML provided by the user.

    The function responsible for sanitizing the HTML needs to be specified in config.htmlEmbed.sanitizeHtml().

    Read more about the security aspect of this feature in the "Security" section of the HTML embed feature guide.
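The two properties above describe a contract rather than an implementation: when showPreviews is true, the feature hands the user's markup to sanitizeHtml and renders whatever comes back, so the callback must return the HtmlEmbedSanitizeOutput shape and must never let the raw input through. The following is an added example, not CKEditor's own code, of a callback that satisfies that contract. The demoStripUnsafe function is a constructed stand-in that removes only what the page's own comment names (script elements and on* attributes) so the example runs offline; a real deployment should delegate to a maintained HTML sanitizer library in its place. makeSanitizeHtml, runSamples and the sample inputs are all constructed for this example.

```javascript
// Added example (not CKEditor's code): a `config.htmlEmbed.sanitizeHtml`
// callback that returns the HtmlEmbedSanitizeOutput shape `{ html, hasChanged }`.

// Stand-in sanitizer so the example runs offline. It strips `<script>` elements
// and `on*` event-handler attributes, the two things the page's comment names.
// Regex-based stripping is NOT a complete HTML sanitizer; in production,
// pass a maintained library's sanitize function to makeSanitizeHtml instead.
function demoStripUnsafe(html) {
  if (typeof html !== 'string') {
    throw new TypeError('sanitizer expects a string');
  }
  return html
    // <script ...>...</script> blocks, including their content.
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    // Any remaining unclosed <script ...> opening tag.
    .replace(/<script\b[^>]*>/gi, '')
    // Inside every remaining opening tag, drop attributes whose name starts with "on".
    .replace(/<([a-z][\w-]*)([^>]*)>/gi, (match, tag, attrs) => {
      const kept = attrs.replace(
        /\s+on\w+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/gi,
        ''
      );
      return `<${tag}${kept}>`;
    });
}

// Wraps any string -> string sanitizer into the callback shape the HTML embed
// feature expects. `hasChanged` is derived by comparing output with input.
// If the sanitizer throws, fail closed: preview nothing rather than the raw input.
function makeSanitizeHtml(sanitizer) {
  return function sanitizeHtml(inputHtml) {
    try {
      const html = sanitizer(inputHtml);
      return { html, hasChanged: html !== inputHtml };
    } catch (err) {
      return { html: '', hasChanged: true };
    }
  };
}

const sanitizeHtml = makeSanitizeHtml(demoStripUnsafe);

// Constructed sample inputs (not taken from the page).
const SAMPLES = [
  '<p>Hello <b>world</b></p>',                // benign: nothing removed
  '<p>Hi</p><script>alert(1)</script>',        // script element removed
  '<img src="x" onerror="alert(1)">',          // event-handler attribute removed
];

// Runs every sample through the callback; returns the HtmlEmbedSanitizeOutput objects.
function runSamples() {
  return SAMPLES.map((sample) => sanitizeHtml(sample));
}

// Where this plugs into the configuration shown on the page:
//   ClassicEditor.create( editorElement, {
//     htmlEmbed: { showPreviews: true, sanitizeHtml }
//   } );
```

Deriving hasChanged from a plain string comparison is deliberately conservative: a sanitizer that normalizes markup (quoting, whitespace, tag case) will report a change even when nothing unsafe was removed, which only means the editor tells the user the preview differs from their source. The fail-closed branch matters more: an exception inside the sanitizer must not fall through to rendering the unsanitized input.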