Key Features
Zero Dependencies
Lumen Editor ships with no runtime dependencies. There is nothing extra to audit, nothing to keep updated, and no risk of transitive supply-chain issues.
Built-in Security
All HTML — whether typed, pasted, or programmatically set — is passed through a strict DOM-based allowlist sanitizer that strips dangerous tags, attributes, and URL protocols before they ever touch the DOM.
Framework-Agnostic
Because Lumen Editor targets a plain CSS selector or DOM element, it works identically in React, Vue, Svelte, Angular, or a zero-framework HTML page. No adapter packages required.
Configurable Toolbar
Every toolbar group is opt-in. Pass an array of button groups to the
toolbar option and Lumen renders exactly the controls your users need — nothing more.Light & Dark Themes
Switch between
light and dark themes at construction time or at runtime using editor.setTheme(). The theme layer is a single CSS file you can override to match your brand.Plugin System
Extend the editor with a plain function — no class inheritance, no registry, no magic. A plugin receives the editor instance and wires up whatever behaviour it needs.
How It Works
Lumen Editor is built on the browser’s nativecontenteditable API, which means it relies on battle-tested platform behaviour rather than re-implementing a document model from scratch. When content enters the editor — through user input, a paste event, or a setHTML() call — it is immediately run through a DOM-based allowlist sanitizer. The sanitizer works by parsing the incoming HTML into a temporary off-document fragment, walking every node, and removing or rewriting anything that isn’t on the explicit allow-list of tags, attributes, URL protocols, and CSS properties. The result is re-serialised and written into the editable region. Because the sanitizer operates on real DOM nodes rather than regex patterns, it is resistant to the encoding tricks that fool string-based approaches.
Lumen Editor is fully CSP-compatible. It never calls
eval, new Function(), or injects dynamic <script> elements at runtime, so you can deploy it under a strict Content Security Policy without special exceptions.Next Steps
Quickstart
Install Lumen Editor and have a working editor on your page in under five minutes.
Installation
Explore all install methods — npm, yarn, pnpm, and CDN script tag.