Closed RGerhardt-Pressmind closed 2 months ago
I can't give you an exact date, although it is planned. You can still set cloudChannel
to 7 or use TinyMCE version 7 through any of the other methods mentioned in the docs.
You'd also need to set the license_key
prop in init
, if applicable.
For the meantime you could set the convert_unsafe_embeds
to true
, which was introduced with TinyMCE v6.8.1.
See GitHub advisory for details.
This is fixed by #378, which adds TinyMCE 7 as the default cloud channel, amongst other supporting features for it.
Hello, when is the tinymce update coming? Since today the npm update reports an official XSS bug. This would be fixed in tinymce 7.0, but tinymce-angular has not been updated for over a year. Is an update conceivable in the near future?
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements - https://github.com/advisories/GHSA-5359-pvf2-pw78
Regards Robbyn