joomla / joomla-cms

Home of the Joomla! Content Management System
https://www.joomla.org
GNU General Public License v2.0
4.77k stars 3.65k forks

[3.x][4.0] TinyMCE possible exposure of information #35087

Closed brianteeman closed 2 years ago

brianteeman commented 3 years ago

TinyMCE has an autosave plugin that is always enabled in Joomla. There are no configuration options or UI exposed within the Joomla implementation of TinyMCE.

The autosave plugin can do a lot of things but the only thing we use it for is to pop up an alert if you try to use the browser back button to leave an article which has unsaved changes.

This works by TinyMCE keeping a copy of an edited article in your browser's local storage.

The problem is that if you continue to leave the article the storage is not cleared AND it won't be until you edit the article again. So if you never re-visit your articles a copy will be kept in the browser local storage. Browser local storage is designed to be permanent and is fundamentally vulnerable to XSS attack.

After discussions with @SniperSister I would propose that the autosave plugin is disabled/removed from Joomla and a different method is used to warn users who use the back button in their browser.
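Added example, not part of the issue thread and not code from Joomla or TinyMCE: it shows the leftover-draft problem described above and the two defender-side options that follow from it, purging stale drafts from local storage on any admin page load (not only when the same article's editor is opened again) and warning on back/unload from an in-memory dirty flag so article content is never written to local storage at all. It assumes TinyMCE's autosave plugin keeps each draft under local storage keys `<prefix>draft` and `<prefix>time` with a prefix beginning `tinymce-autosave-`; the article URL, editor id and timestamps are constructed sample values, and `purgeStaleDrafts`, `createUnloadGuard` and `demo` are names chosen here.

```javascript
// Assumed (labelled): the TinyMCE autosave plugin stores each draft under
// localStorage keys "<prefix>draft" and "<prefix>time", with the default prefix
// starting "tinymce-autosave-". The URL, editor id and times below are constructed.

// Minimal localStorage shim so the example also runs under Node.
const storage = typeof localStorage !== 'undefined' ? localStorage : (() => {
  const m = new Map();
  return {
    get length() { return m.size; },
    key: i => Array.from(m.keys())[i] ?? null,
    getItem: k => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: k => m.delete(k),
  };
})();

// Simulates what the autosave plugin leaves behind once the user navigates away:
// the draft body stays, and the "time" entry is the only expiry information.
function writeDraft(prefix, html, savedAtMs) {
  storage.setItem(prefix + 'draft', html);
  storage.setItem(prefix + 'time', String(savedAtMs));
}

// Option 1: purge drafts older than retentionMs on any admin page load.
// Returns the prefixes that were removed.
function purgeStaleDrafts(nowMs, retentionMs, keyPrefix = 'tinymce-autosave-') {
  const removed = [];
  // Collect keys first: removing while iterating shifts storage indexes.
  const keys = [];
  for (let i = 0; i < storage.length; i++) keys.push(storage.key(i));
  for (const key of keys) {
    if (!key.startsWith(keyPrefix) || !key.endsWith('time')) continue;
    const base = key.slice(0, -'time'.length);
    const savedAt = Number(storage.getItem(key));
    // A missing or unparsable timestamp is treated as stale rather than kept forever.
    if (!Number.isFinite(savedAt) || nowMs - savedAt > retentionMs) {
      storage.removeItem(base + 'draft');
      storage.removeItem(key);
      removed.push(base);
    }
  }
  return removed;
}

// Option 2: warn on back/unload using only an in-memory dirty flag, so no copy
// of the article content is ever persisted in the browser.
function createUnloadGuard() {
  let dirty = false;
  return {
    markDirty: () => { dirty = true; },
    markClean: () => { dirty = false; },
    // Returns the warning the beforeunload handler would raise, or null if clean.
    onBeforeUnload(event) {
      if (!dirty) return null;
      if (event) { event.preventDefault(); event.returnValue = ''; }
      return 'You have unsaved changes.';
    },
  };
}

// Worked run with constructed values: one draft 3 h old, one 1 min old,
// 20 min retention. Only the old draft is removed.
function demo() {
  const prefix = 'tinymce-autosave-/administrator/index.php?option=com_content&task=article.edit&id=42-jform_articletext-';
  const now = Date.UTC(2021, 0, 1, 12, 0, 0);
  writeDraft(prefix, '<p>unpublished text</p>', now - 3 * 60 * 60 * 1000);
  const fresh = prefix.replace('id=42', 'id=43');
  writeDraft(fresh, '<p>still being edited</p>', now - 60 * 1000);
  const purged = purgeStaleDrafts(now, 20 * 60 * 1000);
  return {
    purged,
    oldDraftGone: storage.getItem(prefix + 'draft') === null,
    freshDraftKept: storage.getItem(fresh + 'draft') !== null,
  };
}

console.log(demo());
```

In a real page the guard's `onBeforeUnload` would be registered with `window.addEventListener('beforeunload', ...)` and `markDirty` wired to the editor's change event; the point of the split is that the warning and the persisted copy are independent, so the back-button warning can be kept without any article text surviving in local storage.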

brianteeman commented 2 years ago

Closed - no interest