1.0.0 • Published 6 months ago

@aegisjsproject/md-editor v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
6 months ago

@aegisjsproject/md-editor

A custom Markdown editor component with preview as a form input element

CodeQL Node CI Lint Code Base

GitHub license GitHub last commit GitHub release GitHub Sponsors

npm node-current npm bundle size gzipped npm

GitHub followers GitHub forks GitHub stars Twitter Follow

Donate using Liberapay

Installation

Node Instructions

npm i @aegisjsproject/md-editor

Using <script type="importmap"> and a CDN

<script type="importmap">
  {
    "imports": {
      "@aegisjsproject/md-editor": "https://unpkg.com/@aegisjsproject/md-editor@1.0.0/md-editor.min.js"
    }
  }
</script>

Just Using a <script>

<script src="https://unpkg.com/@aegisjsproject/md-editor@1.0.0/md-editor.min.js" crossorigin="anonymous" referrerpolicy="no-referrer" defer=""></script>

Example Usage

Just using HTML

<form id="post">
  <label for="content">Content</label>
  <!-- This behaves basically like a textarea or any input -->
  <md-editor name="content" id="content" minlength="40" mode="editor" required="">
    # Hello, World!
    ![foo](/img/foo.png)
  </md-editor>
  <!-- Rest of form stuff -->
</form>

Creating through Scripting

// Need to import if not already added
import '@aegisjsproject/md-editor';

// Get the component class
const HTMLMarkdownEditorElement = customElements.get('md-editor');

// Create and setup the element
const editor = new HTMLMarkdownEditorElement();
editor.name = 'content';
editor.id = 'content';

// Optionally bind to `history.state[whatever]
editor.textContent = history.state?.content;
editor.addEventListener('change', ({ target }) => history.replaceState({ content: target.value }, '', location.href), { passive: true });

// Add to the form, after its `<label>`
document.querySelector(`label[for="${editor.id}"]`).after(editor);

Usage Notes and Browser APIs

This component utilizes some proposed and experimental APIs including Element.prototype.setHTML (this Sanitizer API) and String.dedent. These APIs MUST be polyfilled. You may find the required polyfills in @shgysk8zer0/polyfills or provide your own.

Security

Like all @aegisjsproject libraries, this component is indended to be safe and compatible in highly secure contexts. It is designed to work with a very restricted CSP as well as the Trusted Types API.

Example CSP

Note the SRI Integrity used for a <script type="importmap"> and the Trusted Types Policy of aegis-sanitizer#html (required for the Sanitizer API polyfill).

Content-Security-Policy: default-src 'self'; script-src 'self' https://unpkg.com/@shgysk8zer0/ https://unpkg.com/@aegisjsproject/ 'sha384-XYouuKGvd2BSrapxPZFWENl9b0loR7EVyC2cls6tQ/Oa+3R/uWw6TQ+nWa4/zt9l'; style-src 'self' https://unpkg.com/@highlightjs/ https://unpkg.com/@aegisjsproject/; img-src 'self'; trusted-types aegis-sanitizer#html; require-trusted-types-for 'script';
aegisaegisjsprojectmarkdowncustom-inputsecuresanitizer-apicustom-elementsweb-componentsmd-editormarkdown-editormarkdown-viewerform-associated-custom-elementform-associated
1.0.0

6 months ago