add support for CSP nonces in createStyleTag
This commit is contained in:
Felix Klein
@@ -349,6 +349,22 @@ new Editor({
|
|||||||
})
|
})
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### injectNonce
|
||||||
|
When you use a [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) with `nonce`, you can specify a `nonce` to be added to dynamically created elements. Here is an example:
|
||||||
|
|
||||||
|
```js
|
||||||
|
import { Editor } from '@tiptap/core'
|
||||||
|
import StarterKit from '@tiptap/starter-kit'
|
||||||
|
|
||||||
|
new Editor({
|
||||||
|
extensions: [
|
||||||
|
StarterKit,
|
||||||
|
],
|
||||||
|
injectCSS: true,
|
||||||
|
injectNonce: "your-nonce-here"
|
||||||
|
})
|
||||||
|
```
|
||||||
|
|
||||||
### editorProps
|
### editorProps
|
||||||
For advanced use cases, you can pass `editorProps` which will be handled by [ProseMirror](https://prosemirror.net/docs/ref/#view.EditorProps). You can use it to override various editor events or change editor DOM element attributes, for example to add some Tailwind classes. Here is an example:
|
For advanced use cases, you can pass `editorProps` which will be handled by [ProseMirror](https://prosemirror.net/docs/ref/#view.EditorProps). You can use it to override various editor events or change editor DOM element attributes, for example to add some Tailwind classes. Here is an example:
|
||||||
|
|
||||||
|
|||||||
@@ -57,6 +57,7 @@ export class Editor extends EventEmitter<EditorEvents> {
|
|||||||
element: document.createElement('div'),
|
element: document.createElement('div'),
|
||||||
content: '',
|
content: '',
|
||||||
injectCSS: true,
|
injectCSS: true,
|
||||||
|
injectNonce: undefined,
|
||||||
extensions: [],
|
extensions: [],
|
||||||
autofocus: false,
|
autofocus: false,
|
||||||
editable: true,
|
editable: true,
|
||||||
@@ -136,7 +137,7 @@ export class Editor extends EventEmitter<EditorEvents> {
|
|||||||
*/
|
*/
|
||||||
private injectCSS(): void {
|
private injectCSS(): void {
|
||||||
if (this.options.injectCSS && document) {
|
if (this.options.injectCSS && document) {
|
||||||
this.css = createStyleTag(style)
|
this.css = createStyleTag(style, this.options.injectNonce)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -70,6 +70,7 @@ export interface EditorOptions {
|
|||||||
content: Content,
|
content: Content,
|
||||||
extensions: Extensions,
|
extensions: Extensions,
|
||||||
injectCSS: boolean,
|
injectCSS: boolean,
|
||||||
|
injectNonce: string | undefined,
|
||||||
autofocus: FocusPosition,
|
autofocus: FocusPosition,
|
||||||
editable: boolean,
|
editable: boolean,
|
||||||
editorProps: EditorProps,
|
editorProps: EditorProps,
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
export function createStyleTag(style: string): HTMLStyleElement {
|
export function createStyleTag(style: string, nonce?: string): HTMLStyleElement {
|
||||||
const tipTapStyleTag = (<HTMLStyleElement>document.querySelector('style[data-tiptap-style]'))
|
const tipTapStyleTag = (<HTMLStyleElement>document.querySelector('style[data-tiptap-style]'))
|
||||||
|
|
||||||
if (tipTapStyleTag !== null) {
|
if (tipTapStyleTag !== null) {
|
||||||
@@ -7,6 +7,10 @@ export function createStyleTag(style: string): HTMLStyleElement {
|
|||||||
|
|
||||||
const styleNode = document.createElement('style')
|
const styleNode = document.createElement('style')
|
||||||
|
|
||||||
|
if (nonce) {
|
||||||
|
styleNode.setAttribute('nonce', nonce)
|
||||||
|
}
|
||||||
|
|
||||||
styleNode.setAttribute('data-tiptap-style', '')
|
styleNode.setAttribute('data-tiptap-style', '')
|
||||||
styleNode.innerHTML = style
|
styleNode.innerHTML = style
|
||||||
document.getElementsByTagName('head')[0].appendChild(styleNode)
|
document.getElementsByTagName('head')[0].appendChild(styleNode)
|
||||||
|
|||||||
Reference in New Issue
Block a user