[Release] Version packages #3556

Merged
merged 1 commit into from
Sep 20, 2024

github-actions[bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@udecode/[email protected]

Patch Changes

  • d30471cb19577e53c20944ab66eab2a7ef3b3ad2 by @12joan – Mitigate XSS in element.attributes by requiring all attribute names to be allowlisted in the node.dangerouslyAllowAttributes plugin configuration option.

    Migration:

    For each plugin that needs to support passing DOM attributes using element.attributes, add the list of allowed attributes to the node.dangerouslyAllowAttributes option of the plugin.

    const ImagePlugin = createPlatePlugin({
      key: 'image',
      node: {
        isElement: true,
        isVoid: true,
        dangerouslyAllowAttributes: ['alt'],
      },
    });

    To modify existing plugins, use the extend method as follows:

    const MyImagePlugin = ImagePlugin.extend({
      node: {
        dangerouslyAllowAttributes: ['alt'],
      },
    });

    WARNING: Improper use of dangerouslyAllowAttributes WILL make your application vulnerable to cross-site scripting (XSS) or information exposure attacks. Ensure you carefully research the security implications of any attribute before adding it. For example, the src and href attributes will allow attackers to execute arbitrary code, and the style and background attributes will allow attackers to leak users' IP addresses.

@udecode/[email protected]

Patch Changes

@udecode/[email protected]

Patch Changes

@udecode/[email protected]

Patch Changes

@udecode/[email protected]

@udecode/[email protected]

@udecode/[email protected]

@udecode/[email protected]

@udecode/[email protected]
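
The deny-by-default attribute filtering described in the release note above, together with a review helper that flags allowlist entries worth a closer look. This is an added example, not Plate's own code: `filterAttributes`, `auditAllowlist`, `RISKY_ATTRIBUTES` and the sample element are hypothetical names and constructed data.

```javascript
// Added example; not Plate's implementation. All names here are hypothetical.

// Attribute names the release note's warning calls out explicitly.
const RISKY_ATTRIBUTES = new Set(['src', 'href', 'style', 'background']);

// Keep only attributes whose name is explicitly allowlisted (deny by default).
// Matching is exact and case-sensitive, so unexpected casing is dropped too.
function filterAttributes(attributes, allowlist = []) {
  const allowed = new Set(allowlist);
  const result = {};
  for (const [name, value] of Object.entries(attributes ?? {})) {
    if (allowed.has(name)) result[name] = value;
  }
  return result;
}

// Review helper: report allowlist entries that need a security review
// before they are added to a plugin's dangerouslyAllowAttributes option.
function auditAllowlist(allowlist = []) {
  const findings = [];
  for (const name of allowlist) {
    const lower = String(name).toLowerCase();
    if (RISKY_ATTRIBUTES.has(lower)) {
      findings.push({ name, reason: 'named in the release warning' });
    } else if (lower.startsWith('on')) {
      findings.push({ name, reason: 'event handler attribute' });
    }
  }
  return findings;
}

// Constructed sample: an element whose attributes come from untrusted
// document content (values are placeholders).
const untrustedElement = {
  type: 'image',
  attributes: {
    alt: 'A diagram',
    onerror: 'constructed-handler',
    style: 'constructed-style',
  },
};

// Only `alt` survives when the plugin allowlists ['alt'].
console.log(filterAttributes(untrustedElement.attributes, ['alt']));
// Flags `href` and `onClick`; `alt` passes without a finding.
console.log(auditAllowlist(['alt', 'href', 'onClick']));
```

Running `auditAllowlist` over each plugin's allowlist in CI gives a reviewer a prompt whenever a risky attribute is introduced; it does not replace researching each attribute as the warning requires.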

vercel bot commented Sep 20, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
plate ✅ Ready (Inspect) Visit Preview 💬 Add feedback Sep 20, 2024 0:32am


@12joan 12joan merged commit a1002dd into main Sep 20, 2024
4 checks passed
@12joan 12joan deleted the changeset-release/main branch September 20, 2024 12:43