Skip to content

chore(deps): update @dxpr/ckeditor5-ai-agent to 1.2.0#41

Merged
jjroelofs merged 1 commit into1.xfrom
jur/1.x/update-ai-agent-plugin-1.2.0
Dec 3, 2025
Merged

chore(deps): update @dxpr/ckeditor5-ai-agent to 1.2.0#41
jjroelofs merged 1 commit into1.xfrom
jur/1.x/update-ai-agent-plugin-1.2.0

Conversation

@jjroelofs
Copy link
Copy Markdown
Contributor

@jjroelofs jjroelofs commented Dec 3, 2025

Summary

  • Update @dxpr/ckeditor5-ai-agent from 1.1.2 to 1.2.0
  • Migrate Drupal config from separate allowedImageDomains/allowedLinkDomains to unified allowedDomains

Closes #40

Changes

PHP/Drupal Files

  • src/Form/AiAgentSettingsForm.php - Updated submit handler
  • src/Plugin/CKEditor5Plugin/AiAgent.php - Updated default config and fallbacks
  • src/Form/ConfigMappingTrait.php - Updated config mapping
  • src/Form/AiAgentFormTrait.php - Combined two textarea fields into single "Allowed Domains" field
  • config/schema/ckeditor_ai_agent.schema.yml - Schema updated
  • config/schema/ckeditor_ai_agent.ckeditor5.schema.yml - Schema updated

JS Files (from npm package)

  • Rebuilt js/build/ai-agent.js
  • Updated source files in js/ckeditor5_plugins/aiagent/src/

Breaking Change

⚠️ Sites with custom aiOutputSecurity config will need to migrate:

Before:

'allowedImageDomains' => ['unsplash.com'],
'allowedLinkDomains' => ['mycompany.com']

After:

'allowedDomains' => ['unsplash.com', 'mycompany.com']

Test plan

  • Clear Drupal cache (drush cr)
  • Verify AI Agent settings form shows single "Allowed Domains" field
  • Test AI content generation with external URLs (should be blocked/replaced)
  • Test with allowed domain in config (should pass through)

chore(deps): update @dxpr/ckeditor5-ai-agent to 1.2.0
9e2af33 
BREAKING CHANGE: aiOutputSecurity config API changed

Updates include:
- security: Simplify AI output URL filtering (CVE-2025-32711) (#170)
  - Refactored from tag-specific to universal URL detection
  - Scans ALL attributes of ALL elements for URLs
  - Blocks javascript:, vbscript:, and data: URI schemes
  - Catches protocol-relative URLs (//evil.com/...)
  - HTML tag whitelist blocks dangerous elements by default
- Updated supported models list

Config migration:
- allowedImageDomains and allowedLinkDomains replaced with unified allowedDomains
@jjroelofs jjroelofs merged commit 2fd2a06 into 1.x Dec 3, 2025
4 checks passed
@jjroelofs jjroelofs deleted the jur/1.x/update-ai-agent-plugin-1.2.0 branch December 3, 2025 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

deps maintenance

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update @dxpr/ckeditor5-ai-agent to 1.2.0

1 participant

@jjroelofs