Security & Safety
rich-html-editor is designed with security as a first-class concern. This page explains the editor’s security model, guarantees, and responsibilities.
Iframe Isolation
The editor operates entirely inside an <iframe>.
- Editor DOM is isolated from the host application
- Styles do not leak in or out
- Script execution is scoped to the iframe
This isolation significantly reduces the risk of unintended side effects.
Same-Origin Requirement
Same-origin access is required to:
- Attach event listeners
- Inspect and modify DOM safely
- Extract clean HTML
For browser usage, iframe.srcdoc is strongly recommended, since a srcdoc document inherits the origin of the host page and therefore satisfies the same-origin requirement without a separately served URL.
Editable Region Control
The editor does not allow unrestricted editing.
Only certain candidate content elements (paragraphs, headings, spans, etc.) become editable; users make an element editable by clicking or focusing it. See Core Concepts for details. For example, a plain paragraph is a candidate:
<p>User-editable text</p>
This prevents users from:
- Deleting structural elements
- Breaking layout containers
- Injecting arbitrary markup
Sanitization & Clean HTML
During editing, the editor may add temporary attributes or metadata.
When exporting HTML using:
editor.getHTML();
the editor ensures:
- Editor-specific attributes are removed
- Unsafe markup is stripped
- Output HTML is predictable and clean
XSS Considerations
rich-html-editor minimizes XSS risk by:
- Operating in an isolated iframe
- Restricting editable regions
- Sanitizing output HTML
What the Editor Does NOT Protect Against
- ❌ Malicious templates provided by untrusted sources
- ❌ Server-side HTML injection after export
- ❌ Improper storage or rendering of exported HTML
Always apply appropriate server-side validation and sanitization when storing or serving HTML.
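One way to meet that server-side requirement, as an added example that is not part of rich-html-editor: a stdlib-only allowlist pass in Python over the HTML returned by editor.getHTML(), which drops unlisted tags, every attribute not on the allowlist (so all on* handlers), the content of script/style elements, and links whose scheme is not http(s)/mailto/relative. The ALLOWED table is an assumption to adapt to your templates; in production a maintained sanitizer library with the same allowlist approach is the better fit.

```python
from html.parser import HTMLParser
from html import escape
from urllib.parse import urlparse

# Assumed allowlist: element -> permitted attributes. Anything else is dropped.
ALLOWED = {
    "p": set(), "h1": set(), "h2": set(), "h3": set(), "span": {"class"},
    "strong": set(), "em": set(), "ul": set(), "ol": set(), "li": set(),
    "br": set(), "a": {"href", "title"},
}
VOID = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}  # "" means a relative URL


class AllowlistSanitizer(HTMLParser):
    """Rebuilds HTML keeping only allowlisted tags/attributes; comments,
    declarations and the bodies of <script>/<style> are discarded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED:
            return  # unknown element: drop the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue
            # urlparse lowercases the scheme, so javascript:/data: are caught
            if name == "href" and urlparse(value.strip()).scheme not in SAFE_SCHEMES:
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED or tag in VOID:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))  # re-escape text nodes


def sanitize_exported_html(html: str) -> str:
    p = AllowlistSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out)
```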
Enterprise Usage
rich-html-editor is suitable for enterprise environments where:
- HTML integrity is critical
- Users are non-technical
- Approval workflows are required
- Security audits are expected