Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TinyMCE 6 module #762

Merged
merged 9 commits into from
Feb 21, 2024
Merged

Add TinyMCE 6 module #762

merged 9 commits into from
Feb 21, 2024

Conversation

renoth
Copy link
Contributor

@renoth renoth commented Feb 13, 2024

There are serious security issues with TinyMCE 4 and 5 https://security.snyk.io/package/npm/tinymce

Furthermore TinyMCE 4 is not updated in wicketstuff tinymce 4 and still on version 4.3.4,
see also https://security.snyk.io/package/npm/tinymce/4.3.5

The migration to TinyMCE 6 should be straightforward but there are some plugins which have become usable only with subscription.
This implementation only supports the free part of TinyMCE 6 retrieved from here https://www.tiny.cloud/get-tiny/self-hosted/

If you like the changes, please do a codereview (and maybe merge later).
Thank you for your time.

@renoth
Copy link
Contributor Author

renoth commented Feb 13, 2024

I also removed the ImageUploadHelper et al and JazzySpellChecker (is now done directly via browser API) and the InPlaceEditComponent.

martin-g
martin-g reviewed Feb 14, 2024
View reviewed changes
Copy link
Member

@martin-g martin-g left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have time to review properly 229 files.
And it seems most of them are copy/paste from the tinymce4 package.
I am fine to merge the PR but first I want to clear the case with the license.

tinymce6-parent/tinymce6-examples/LICENSE.txt Outdated Show resolved Hide resolved
tinymce6-parent/tinymce6/src/main/java/wicket/contrib/tinymce6/TinyMceInitializer.java Outdated Show resolved Hide resolved
@martin-g martin-g merged commit 005331b into wicketstuff:master Feb 21, 2024
1 check passed
@martin-g
Copy link
Member

Thank you, @renoth !

@solomax
Copy link
Contributor

solomax commented Feb 27, 2024

@renoth shall we drop tinymce3-parent and tinymce4-parent ?

@martin-g
Copy link
Member

@renoth shall we drop tinymce3-parent and tinymce4-parent ?

+1

@renoth
Copy link
Contributor Author

renoth commented Feb 27, 2024

I would update tinymce4 to the latest version of TinyMCE 4 since it works just fine. This module does have some features removed compared to TinyMCE4.
TinyMCE3 can be removed imho

@renoth
Copy link
Contributor Author

renoth commented Feb 27, 2024

Looking at the vulnerabilities again, i think it is time to drop TinyMCE 4 as well

@solomax
Copy link
Contributor

solomax commented Feb 28, 2024

Many thanks!
Dropping 3 and 4 for master branch :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martin-g martin-g martin-g approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@renoth @martin-g @solomax