TinyMCE 7.4.1 released #137
Comments
indigoxela
added a commit
that referenced
this issue
Oct 11, 2024
|
It works. 😉 Seems like there was a bit of a rush when creating this release - the changelog of released version 7.4.1 isn't up to date, neither has the release date been added to file doc blocks (it's still "TBD"). The code is up to date, though. |
indigoxela
added a commit
that referenced
this issue
Oct 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See https://github.com/tinymce/tinymce/blob/main/modules/tinymce/CHANGELOG.md
This contains a security fix in the included DOMPurify version.
DOMPurify's used to sanitize inline SVG, which by default isn't allowed in Tiny and isn't displayed at all in Backdrop in content.
Although it's possible to disable the "Limit allowed HTML tags" filter via UI, it's not possible to enable svg in Tiny (extended_valid_elements) without touching code.
The reason, why 7.4.1 is mentioned as security fix in Tiny Cloud and TinyMCE Enterprise editons, but not in the community edition, might eventually have something to do with the (non free) math plugin. Or maybe not, not sure. Or maybe it's just a policy? 🤷
Anyway... get the update.
The text was updated successfully, but these errors were encountered: