Merge MAGETWO-72021 into 2.3-bugfixes-240918

Author: dvoskoboinikov

lib/web/mage/adminhtml/wysiwyg/tiny_mce/html5-schema.js

@@ -186,11 +186,19 @@ define([
         });
 
         _.each(compiled, function (node, nodeName) {
-            var attributes  = node.attributes.join('|'),
-                children    = node.children.join('|');
+            var filteredAttributes = [];
 
-            validElements.push(nodeName + '[' + attributes + ']');
-            validChildren.push(nodeName + '[' + children + ']');
+            _.each(node.attributes, function (attribute) { //eslint-disable-line max-nested-callbacks
+                // Disallowing usage of 'on*' attributes.
+                if (!/^on/.test(attribute)) {
+                    filteredAttributes.push(attribute);
+                }
+            });
+
+            node.attributes = filteredAttributes;
+
+            validElements.push(nodeName + '[' + node.attributes.join('|') + ']');
+            validChildren.push(nodeName + '[' + node.children.join('|') + ']');
         });
 
         return {