Click to expand the diff!
```diff
diff --git a/administrator/language/en-GB/plg_editors_tinymce.ini b/administrator/language/en-GB/plg_editors_tinymce.ini
index 7359a2b846992..6b2bf03efe1a7 100644
--- a/administrator/language/en-GB/plg_editors_tinymce.ini
+++ b/administrator/language/en-GB/plg_editors_tinymce.ini
@@ -96,4 +96,6 @@ PLG_TINY_TOOLBAR_BUTTON_FONTSIZESELECT="Font Size Select"
PLG_TINY_TOOLBAR_BUTTON_FORMATSELECT="Format Select"
PLG_TINY_TOOLBAR_BUTTON_SEPARATOR="Separator"
PLG_TINY_TOOLBAR_BUTTON_STYLESELECT="Style Select"
+PLG_TINY_FIELD_SANDBOX_IFRAMES_LABEL="Sandbox Iframes"
+PLG_TINY_FIELD_SANDBOX_IFRAMES_DESC="This is a security feature that restricts what the iframe can do by setting a sandbox attribute for each iframe. It is recommended to enable this feature for security reasons. Only disable if the iframe is not loading and you're sure that the iframed content is safe."
PLG_TINY_XML_DESCRIPTION="TinyMCE is a platform independent web based JavaScript HTML WYSIWYG Editor. Using sets you can configure and customise the editor for every user group."
diff --git a/plugins/editors/tinymce/forms/setoptions.xml b/plugins/editors/tinymce/forms/setoptions.xml
index 8179e5772e684..14ad640f306c7 100644
--- a/plugins/editors/tinymce/forms/setoptions.xml
+++ b/plugins/editors/tinymce/forms/setoptions.xml
@@ -225,6 +225,18 @@
showon="use_config_textfilters:0"
/>
+
+
+
+
+
false,
// Hardened security
- 'sandbox_iframes' => true,
+ // @todo enable with TinyMCE 7 using https://www.tiny.cloud/docs/tinymce/latest/content-filtering/#sandbox-iframes-exclusions otherwise all embed PDFs are broken
+ 'sandbox_iframes' => (bool) $levelParams->get('sandbox_iframes', true),
'convert_unsafe_embeds' => true,
// Specify the attributes to be used when previewing a style. This prevents white text on a white background making the preview invisible.
```
New language relevant PR in upstream repo: https://github.com/joomla/joomla-cms/pull/43716 Here are the upstream changes:
Click to expand the diff!
```diff diff --git a/administrator/language/en-GB/plg_editors_tinymce.ini b/administrator/language/en-GB/plg_editors_tinymce.ini index 7359a2b846992..6b2bf03efe1a7 100644 --- a/administrator/language/en-GB/plg_editors_tinymce.ini +++ b/administrator/language/en-GB/plg_editors_tinymce.ini @@ -96,4 +96,6 @@ PLG_TINY_TOOLBAR_BUTTON_FONTSIZESELECT="Font Size Select" PLG_TINY_TOOLBAR_BUTTON_FORMATSELECT="Format Select" PLG_TINY_TOOLBAR_BUTTON_SEPARATOR="Separator" PLG_TINY_TOOLBAR_BUTTON_STYLESELECT="Style Select" +PLG_TINY_FIELD_SANDBOX_IFRAMES_LABEL="Sandbox Iframes" +PLG_TINY_FIELD_SANDBOX_IFRAMES_DESC="This is a security feature that restricts what the iframe can do by setting a sandbox attribute for each iframe. It is recommended to enable this feature for security reasons. Only disable if the iframe is not loading and you're sure that the iframed content is safe." PLG_TINY_XML_DESCRIPTION="TinyMCE is a platform independent web based JavaScript HTML WYSIWYG Editor. Using sets you can configure and customise the editor for every user group." diff --git a/plugins/editors/tinymce/forms/setoptions.xml b/plugins/editors/tinymce/forms/setoptions.xml index 8179e5772e684..14ad640f306c7 100644 --- a/plugins/editors/tinymce/forms/setoptions.xml +++ b/plugins/editors/tinymce/forms/setoptions.xml @@ -225,6 +225,18 @@ showon="use_config_textfilters:0" /> +