Replace Quill #600
Comments
For anybody who's interested, we've discussed this intensely and searched for alternatives. TinyMCE crossed our minds, but during a PoC we found out that you need to register each domain using the text editor. Another alternative was Draft, but that library recently seems to be abandoned by Facebook in favor of Lexical.

To prevent projects not using the TextEditor component from getting spammed with OWASP warnings, we moved react-quill to optional dependencies. This means you, as a user, are responsible for the installation of react-quill when you are using the TextEditor component.

I personally worked on a PoC for both Draft and Lexical. We decided not to work on the PoC for Draft anymore, because it'll probably be replaced by another library soon anyway. Lexical is a great library, but it's too early to adopt it and doesn't support the options we provide in our TextEditor component yet. Another possible replacement would be Slate, but that is still in beta.

The OWASP warnings we've been getting for react-quill are all related to cross-site scripting, which is only a problem if you don't escape insecure HTML. The library actually doesn't have any reported vulnerabilities, so it's safe to keep using react-quill for now.

So to conclude, there will be no replacement until Slate or Lexical comes out of beta, or another great library comes along.
There's been an update to React Quill with upgraded dependencies, so that project is still running. We can keep using it for a while longer now, so enough time to wait for a better alternative to be released.
The react-quill library is pretty outdated and lately contains more and more security risks. It should be replaced with an alternative.