TinyMCE strips them by default, but if they're specifically added to the allowed elements we should respect that setting. Example PHP config: $validEls = HtmlEditorConfig::get('cms')->getOption('extended_valid_elements'); $validEls .= ',script[src|type]'; HtmlEditorConfig::get('cms')->setOption('extended_valid_elements', $validEls);
Noticed that "from the web" images don't respect the width and height settings, this fixes that.
#4511 PHP 5.6 doesn't like access to HTTP_RAW_POST_DATA and recommends the use of php://input, which is already supported by this code. I've just removed the deprecated calls.