Closed cis-ankity closed 5 years ago
👍 This would help us with addressing issues from a Pen Test.
Controlling/Adding any integrity check to the library calls made by CKEditor is beyond the scope of this library since CKEditor does that automatically and does not expose any method to listen for the same.
The best way for you to use this library would be to host your own custom CKEditor build on your own server and pass the link to your custom build using the scriptUrl prop to react-ckeditor (as discussed in #65). The subsequent subresource calls will then be made to your server by CKEditor (I haven't checked this but it should work that way).
@codeslayer1, thanks for the suggestion. I've built my own ck-editor and put it in the project's public folder but the loading time was very high for the editor, that's why I'm logging some inter solution from the package
@cis-ankity You can host it via your own CDN if speed is the issue. I am not sure if there is any other workaround to this apart from hosting your own build. Please let me know in case you find any other alternative to this. Closing this issue in the meantime.
I'm using the editor for different pages in my application and find that when it's loaded into the DOM, it is automatically calling the API to fetch required libraries. For example:
https://cdn.ckeditor.com/4.6.2/standard/lang/en.js?t=H0CG
https://cdn.ckeditor.com/4.6.2/standard/styles.js?t=H0CG
I want to add an SRI check for every API call made by the editor to ensure the security of my application. Is there any way to do that?
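
With a self-hosted build, as suggested in the thread, the files the editor fetches can be pinned and audited at deploy time, even though the library cannot attach SRI to requests the editor issues itself. The following Node.js sketch is an added example, not code from this thread or from react-ckeditor; the function names are hypothetical and the file contents are constructed.

```javascript
// Added example: pin and audit SRI values for a self-hosted editor build.
const { createHash } = require("node:crypto");

const STRENGTH = ["sha256", "sha384", "sha512"]; // weakest to strongest

// Integrity value in the form used by the HTML `integrity` attribute.
function sriHash(content, algo = "sha384") {
  return `${algo}-${createHash(algo).update(content).digest("base64")}`;
}

// Split "sha384-... sha512-..." into entries; unknown algorithms are dropped.
function parseIntegrity(integrity) {
  return integrity.trim().split(/\s+/).map((token) => {
    const i = token.indexOf("-");
    return { algo: token.slice(0, i), digest: token.slice(i + 1).split("?")[0] };
  }).filter((e) => STRENGTH.includes(e.algo) && e.digest.length > 0);
}

// As in browsers, only the strongest listed algorithm is considered.
function verifyIntegrity(content, integrity) {
  const entries = parseIntegrity(integrity);
  const best = [...STRENGTH].reverse().find((a) => entries.some((e) => e.algo === a));
  if (!best) return false; // nothing usable: this tool fails closed
  const actual = sriHash(content, best).slice(best.length + 1);
  return entries.some((e) => e.algo === best && e.digest === actual);
}

function buildManifest(files) {
  return Object.fromEntries(Object.entries(files).map(([p, body]) => [p, sriHash(body)]));
}

// Report files that are missing, changed, or present but never pinned.
function auditBuild(files, manifest) {
  const findings = [];
  for (const [path, integrity] of Object.entries(manifest)) {
    if (!(path in files)) findings.push({ path, issue: "missing" });
    else if (!verifyIntegrity(files[path], integrity)) findings.push({ path, issue: "mismatch" });
  }
  for (const path of Object.keys(files)) {
    if (!(path in manifest)) findings.push({ path, issue: "unpinned" });
  }
  return findings;
}

// Constructed file contents; the two paths follow the URLs quoted in the thread.
const reviewed = { "lang/en.js": "/* en strings */", "styles.js": "/* styles */" };
const manifest = buildManifest(reviewed);
const deployed = { "lang/en.js": "/* en strings */", "styles.js": "/* styles */ changed()", "extra.js": "" };
console.log(auditBuild(deployed, manifest));
```

Generate the manifest from a reviewed copy of the build and run the audit against what is actually served, for instance in CI before each deploy.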