GrapesJS/grapesjs v0.18.2
v0.18.2 - Security fixes

on GitHub

latest releases: v0.21.10, v0.21.9, v0.21.8...

2 years ago

Added

Added Component.getInnerHTML method.
Added withProps and altQuoteAttr options to Component.toHTML method.
Added onlyMatched option to CSS code generator.
Added new options to editor.Parser.parseHtml.
Added config.parser.optionsHtml configuration options.

Changed

Make the component resize command more extendable #4097
Deprecated config.allowScripts in favor of config.parser.optionsHtml.allowScripts.
⚠️ As before, config.parser.optionsHtml.allowScripts is false by default but now we also remove unsafe attributes from parsed HTML (eg. on* inline event handlers). In case you need to enable unsafe attributes, you can do it via config.parser.optionsHtml.allowUnsafeAttr option.

Fixed

Fix XSS in ClassTagsView #4076
Fix external D&D for Image components #4094

Check out latest releases or
releases around GrapesJS/grapesjs v0.18.2

Don't miss a new grapesjs release

NewReleases is sending notifications on new releases.

Get notifications