vk_embed
No security coverage
Embeds VK (VKontakte) wall posts inside CKEditor 5 content via a native toolbar button and balloon form. Editors paste the VK-generated embed snippet and the module stores a lightweight placeholder in the database. A text filter converts placeholders to the live VK widget on render. Server-side whitelist prevents XSS by only re-emitting the canonical VK.Widgets.Post() call.
Features
- Adds a VK Post button to the CKEditor 5 toolbar.
- Balloon form lets editors paste the VK-generated embed snippet.
- Optional toggle for background color (configurable per embed).
- Stores an escape-safe placeholder in the database.
- A text filter converts placeholders to the live VK widget on render.
- Server-side whitelist: only the canonical VK.Widgets.Post(id, ownerId, postId, hash) call is re-emitted; any extra script tags or markup are stripped.
- The openapi.js script is loaded only on pages that contain an embed.
Post-Installation
- Go to Configuration > Content authoring > Text formats and editors.
- Edit the text format you want to support VK embeds (e.g. Full HTML).
- Drag the VK Post button into the CKEditor 5 toolbar.
- Enable the VK Embed filter in the Enabled filters section.
- Save the format.
Additional Requirements
Drupal 10.3+ or 11. Requires filter (core) and ckeditor5 (core). No contrib dependencies.
Similar projects
This module focuses specifically on VK post embeds with a CKEditor 5 toolbar integration and XSS-safe server-side rendering. Other social embed modules may cover multiple platforms but typically lack native CKEditor 5 toolbar buttons or VK-specific XSS hardening.