[3.x] Update TinyMCE #30329

Merged
merged 2 commits into from
Aug 15, 2020

SniperSister
Contributor

Summary of Changes

This PR updates TinyMCE to version 4.5.12 - this is the highest version we can include in Joomla 3 due to browser support.

It also fixes numerous security issues.

Changelog:

Fixed so links with xlink:href attributes are filtered correctly to prevent XSS. #TINY-1626
Fixed the selection.setContent() API not running parser filters #TINY-4002
Fixed the visualchars plugin converting HTML-like text to DOM elements in certain cases #TINY-4507
Fixed HTML comments incorrectly being parsed in certain cases #TINY-4511
Fixed a security issue related to CDATA sanitization during parsing #TINY-4669
Fixed content in an iframe element parsing as dom elements instead of text content #TINY-5943

@SniperSister
Contributor Author

/cc @joomla/security

@brianteeman
Contributor

Is the admin-item-edit js supposed to be here?

@SniperSister
Contributor Author

@brianteeman whoops, good catch, fixed

@zero-24
Contributor

zero-24 commented Aug 11, 2020

I have tested this item ✅ successfully on d98c59e

Looks good to me, thanks @SniperSister


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30329.

@richard67
Member

I have tested this item ✅ successfully on d98c59e


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30329.

@richard67
Member

RTC


This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/30329.

@joomla-cms-bot joomla-cms-bot added the RTC This Pull Request is Ready To Commit label Aug 15, 2020
@zero-24 zero-24 added this to the Joomla! 3.9.21 milestone Aug 15, 2020
@wilsonge wilsonge merged commit 5844fe9 into joomla:staging Aug 15, 2020
@joomla-cms-bot joomla-cms-bot removed the RTC This Pull Request is Ready To Commit label Aug 15, 2020
@wilsonge
Contributor

Thanks guys!

Reconix pushed a commit to Reconix/joomla-cms that referenced this pull request Aug 31, 2020
Upgrade TinyMCE to 4.5.12
Reconix added a commit to Reconix/joomla-cms that referenced this pull request Aug 31, 2020
Reconix added a commit to Reconix/joomla-cms that referenced this pull request Aug 31, 2020
Reconix added a commit to Reconix/joomla-cms that referenced this pull request Aug 31, 2020
@SniperSister SniperSister deleted the 3x-tinymceupdate branch March 3, 2022 08:01