Skip to content

Commit

Permalink
[4.4] TinyMCE 5.10.9 (#42359)
Browse files Browse the repository at this point in the history
This is a security release

## Version 5.10.9 - November 15, 2023
### Changed
- Zero width no-break space (U+FEFF) characters are removed from content passed to setContent, insertContent, and resetContent APIs.
- Zero width no-break space (U+FEFF) characters in initial content are not loaded into the editor upon initialization.
### Fixed
-Specific HTML content containing unescaped text nodes caused mXSS when using undo/redo.
-Specific HTML content containing unescaped text nodes caused mXSS when using the getContent and setContent APIs with the format: 'raw' option, which also affected the resetContent API and the draft restoration feature of the Autosave plugin
  • Loading branch information
brianteeman authored Nov 23, 2023
1 parent b7c1fc9 commit 49be844
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion plugins/editors/tinymce/tinymce.xml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<extension type="plugin" group="editors" method="upgrade">
<name>plg_editors_tinymce</name>
<version>5.10.8</version>
<version>5.10.9</version>
<creationDate>2005-08</creationDate>
<author>Tiny Technologies, Inc</author>
<authorEmail>N/A</authorEmail>
Expand Down

0 comments on commit 49be844

Please sign in to comment.