Download Latest Version
3.0.3 source code.tar.gz (436.7 kB)
Get an email when there's a new version of Neiki's Editor
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| 2.9.3 source code.tar.gz | 2026-05-17 | 372.5 kB | |
| 2.9.3 source code.zip | 2026-05-17 | 376.5 kB | |
| README.md | 2026-05-17 | 1.6 kB | |
| Totals: 3 Items | 750.5 kB | 0 | |
2.9.3
Added
- New
autosaveKeyconfiguration option for custom autosave draft scoping - Support for
data-neiki-autosave-keyattribute to isolate autosave data between editors - Extended autosave documentation with guidance for:
- multiple editors on the same page
- same-URL edit screens
- custom autosave scopes
Fixed
- Autosave Storage Collisions — autosave drafts are now scoped per page URL and editor identity to prevent editors from overwriting each other’s data
- Unsafe Modal Interpolation — escaped user-controlled values in link/image dialogs to prevent unsafe HTML injection
- Inserted Image Attribute Escaping — image attributes are now safely escaped before insertion into editor HTML
- Prototype Pollution Protection — translation/config merging now blocks dangerous keys such as
__proto__,prototype, andconstructor - Removed unused internal variables reported by static analysis in:
- image upload handling
- find/replace logic
- image resize code
Improved
- Hardened HTML sanitization when restoring editor content from:
- autosave drafts
- textarea/source HTML
- public HTML insertion APIs
Security
- Improved defense against XSS vectors during autosave restoration and HTML insertion
- Added safeguards against prototype pollution attacks during deep object merging
- Reduced attack surface identified by GitHub Code Scanning / static analysis
Full Changelog: https://github.com/neikiri/neiki-editor/compare/2.9.2...2.9.3