mirror of https://github.com/joomla/joomla-cms.git
49be844d5a
This is a security release ## Version 5.10.9 - November 15, 2023 ### Changed - Zero width no-break space (U+FEFF) characters are removed from content passed to setContent, insertContent, and resetContent APIs. - Zero width no-break space (U+FEFF) characters in initial content are not loaded into the editor upon initialization. ### Fixed -Specific HTML content containing unescaped text nodes caused mXSS when using undo/redo. -Specific HTML content containing unescaped text nodes caused mXSS when using the getContent and setContent APIs with the format: 'raw' option, which also affected the resetContent API and the draft restoration feature of the Autosave plugin |
||
---|---|---|
.. | ||
codemirror | ||
none | ||
tinymce |