search

backdrop-contrib / tinymce

Integration for the TinyMCE editor in Backdrop CMS
https://backdropcms.org/project/tinymce
GNU General Public License v2.0
2 stars 1 forks source link

TinyMCE v7 around the corner - things to keep in mind #88

Closed indigoxela closed 3 months ago

indigoxela commented 4 months ago

Huge surprise: license change! OK for us, GPLv2 with GPLv2+ ... Saw it by accident, here a mini discussion: https://github.com/tinymce/tinymce/issues/9453 And also: https://github.com/tinymce/tinymce/blob/main/LICENSE.md Probably more discussion to come out there.

After switching to 7, I'll have to update related license mentions...

It was clear (as it was documented and console-nagged), that the template plugin will be removed in 7.x. - it has been hidden in this module (wasn't available via builder), but some adventurous admins might have used it via custom profiles. Add a note to the readme / release notes.

Eventually I'll wait until the first release after 7.0.0, anyway - have to check the amount of changes.

indigoxela commented 4 months ago

Updated finding: seems like there'll be a "license key check" in init function, which means, we'd have to update the default options in our module (no big deal).

https://github.com/tinymce/tinymce/blob/main/modules/tinymce/src/core/main/ts/init/LicenseKeyValidation.ts

No statement or documentation re that, yet. :shrug: We'll see.

Keep an eye on the changelog

indigoxela commented 3 months ago

Version 7.0 is out, version 6.8 will be supported until 2025-06-06.

The documentation for the license key option's here.

indigoxela commented 3 months ago

In fact, 7.x also seems to be a security hardening version, which completes fixing an XSS issue, which was worked around in 6.8.1.

indigoxela commented 3 months ago

Reopening just to keep things in mind for the release notes... No need to rush, though. Iframes in editor content are uncommon in Backdrop, unnecessary, and won't even display after saving when the "Limit allowed HTML tags" filter is on.

Sure, admins still can accomplish insecure setups (with some effort), but then ... :shrug:

indigoxela commented 3 months ago

It might make sense to mention the changed trigger key for markdown conversion (space). And the addions of chars. Or maybe override to previous defaults?

indigoxela commented 3 months ago

Another change in 7: highlight_on_focus is now true by default... not sure, yet. It seems an A11Y improvement.

indigoxela commented 3 months ago

Release is out.