TinyMCE security fix (#4157)

sreichel · web-flow · commit 611bbe7ba8b1 · 2024-08-30T09:32:50.000+08:00
* Rector: CQ - UnusedForeachValueToArrayKeysRector (#1) * Rector: CQ - UnusedForeachValueToArrayKeysRector See Rector\CodeQuality\Rector\Foreach_\UnusedForeachValueToArrayKeysRector * fixes + phpstan See fix at rector: rectorphp/rector-src#6164 * Security fix for TinyMCE - see GHSA-5359-pvf2-pw78 * Revert "Rector: CQ - UnusedForeachValueToArrayKeysRector (#1)" This reverts commit 3d7eaf6.
diff --git a/js/mage/adminhtml/wysiwyg/tinymce/setup.js b/js/mage/adminhtml/wysiwyg/tinymce/setup.js
@@ -90,6 +90,7 @@ tinyMceWysiwygSetup.prototype =
             automatic_uploads: false,
             branding: false,
             promotion: false,
+            convert_unsafe_embeds: true, // default in TinyMCE v7.0
             convert_urls: false,
             relative_urls: true,
             skin: this.config.skin,
