TinyMCE security fix (#4157)

* Rector: CQ - UnusedForeachValueToArrayKeysRector (#1) * Rector: CQ - UnusedForeachValueToArrayKeysRector See Rector\CodeQuality\Rector\Foreach_\UnusedForeachValueToArrayKeysRector * fixes + phpstan See fix at rector: rectorphp/rector-src#6164 * Security fix for TinyMCE - see GHSA-5359-pvf2-pw78 * Revert "Rector: CQ - UnusedForeachValueToArrayKeysRector (#1)" This reverts commit 3d7eaf6.
OpenMage · Aug 30, 2024 · 611bbe7 · 611bbe7
1 parent 9e0ca87
commit 611bbe7
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/js/mage/adminhtml/wysiwyg/tinymce/setup.js b/js/mage/adminhtml/wysiwyg/tinymce/setup.js
@@ -90,6 +90,7 @@ tinyMceWysiwygSetup.prototype =
             automatic_uploads: false,
             branding: false,
             promotion: false,
+            convert_unsafe_embeds: true, // default in TinyMCE v7.0
             convert_urls: false,
             relative_urls: true,
             skin: this.config.skin,