Closed youssef-attia closed 1 year ago
Hey @youssef-attia!
CKEditor 4 reached its end of life in June, so, unfortunately, we can no longer accept code contributions. The existing options after the end of life are described in our readme; I hope that will help you to make a decision on what to do next: https://github.com/ckeditor/ckeditor4#summary-of-options-after-the-ckeditor-4-end-of-life
What is the purpose of this pull request?
Addresses #4971. Initial PR to add tooling to help with making CKEditor Trusted Types compatible.
This would be used as follows: Say we have some JavaScript innerHTML assignment
This would be an XSS sink and could potentially be dangerous, so we sanitize our input HTML.
Now, we have faith in the sanitizer and trust that this is safe, but this would still raise a report because the Trusted Type checker is not aware of the sanitizer. We can assure it that our input is safe using the tooling as follows:
Does your PR contain necessary tests?
Existing tests will cover this change.
Did you follow the CKEditor 4 code style guide?
[x] PR is consistent with the code style guide
Adding Trusted Types to CKEditor to help combat XSS injections.
What changes did you make?
Added a tooling function that will help with conversions to Trusted Types.
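The flow the pull request description walks through (an innerHTML sink, a sanitizer, then a Trusted Types wrapper), shown as an added example that is not the PR's code or CKEditor's API. The names `escapeHtml`, `makeHtmlPolicy`, `setHtml` and the policy name `editor-html` are hypothetical; the sanitizer is a constructed stand-in that runs inside the policy so the policy cannot bless an unsanitized string.

```javascript
// Added example. escapeHtml, makeHtmlPolicy, setHtml and 'editor-html' are
// hypothetical names, not taken from the CKEditor 4 code base.

// Constructed stand-in sanitizer: it entity-encodes everything, so no markup
// survives. A real editor would plug in its own HTML filter here.
function escapeHtml(input) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build a policy whose createHTML always runs the sanitizer, so a caller
// cannot use the policy to wrap a string that skipped sanitization.
// `tt` is the browser's trustedTypes factory, or undefined where unsupported.
function makeHtmlPolicy(tt, name, sanitize) {
  const rules = { createHTML: (input) => sanitize(input) };
  if (tt && typeof tt.createPolicy === 'function') {
    return tt.createPolicy(name, rules); // createHTML now yields TrustedHTML
  }
  // No Trusted Types support: still sanitize, but return a plain string.
  return rules;
}

// The single place that touches the sink; everything goes through the policy.
function setHtml(element, policy, untrusted) {
  const value = policy.createHTML(untrusted);
  element.innerHTML = value;
  return value;
}

// Browser usage (the policy name must be listed in the CSP, e.g.
// "require-trusted-types-for 'script'; trusted-types editor-html"):
//   const policy = makeHtmlPolicy(globalThis.trustedTypes, 'editor-html', escapeHtml);
//   setHtml(document.getElementById('preview'), policy, userInput);

// Offline demo with a constructed element object, so it also runs under Node.
function demo() {
  const policy = makeHtmlPolicy(globalThis.trustedTypes, 'editor-html', escapeHtml);
  const fakeElement = { innerHTML: '' };
  setHtml(fakeElement, policy, '<b onclick="x()">hi</b>'); // constructed input
  return String(fakeElement.innerHTML);
}
```

A pass-through policy (`createHTML: s => s`) would also silence the report, but it turns the policy into a way to mark any string as trusted; keeping the sanitizer inside `createHTML` avoids that.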