syncfusion-react-blockeditor
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents a legitimate UI component library from a known vendor. All external resources and package references are consistent with the vendor's own infrastructure.
- [DATA_EXFILTRATION]: The component supports image uploads to a configurable server endpoint (`saveUrl`). This is a standard feature for media-rich editors and is documented for functional purposes.
- [PROMPT_INJECTION]: The editor processes external data formats (HTML and JSON) for content rendering, which is a potential surface for indirect prompt injection. The documentation provides specific security configurations, such as `pasteCleanupSettings` and integration with `DOMPurify`, to ensure that untrusted content is sanitized before processing.
  - Ingestion points: Data enters the component via the `blocks` prop and methods like `parseHtmlToBlocks` or `renderBlocksFromJson` (see references/methods-and-api.md).
  - Boundary markers: The component renders content within a sandboxed editor UI, and the documentation recommends using separate status regions for dynamic updates (see references/accessibility.md).
  - Capability inventory: The component can add/remove blocks, execute formatting commands, and upload files to a server (see references/methods-and-api.md and references/advanced-features.md).
  - Sanitization: Built-in XSS protection and `PasteCleanupSettingsModel` are provided to filter dangerous tags like `script` or `iframe` (see references/advanced-features.md).