From 1b69f150e2f6877d110e31f187b6c135904a6550 Mon Sep 17 00:00:00 2001
From: Abhinav Jha <abhinav@appsmith.com>
Date: Fri, 20 Jun 2025 16:02:25 +0530
Subject: [PATCH] fix: upgrade tinymce to latest MIT licensed version (#41003)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Description
Fixes
https://github.com/appsmithorg/appsmith/security/dependabot/348
https://github.com/appsmithorg/appsmith/security/dependabot/347
https://github.com/appsmithorg/appsmith/security/dependabot/290

## Automation

/ok-to-test tags="@tag.Widget, @tag.TextEditor, @tag.Binding"

### :mag: Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/15773718244>
> Commit: a11b75ec4343ae8720ed5e066d7fecbb42e05fb3
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=15773718244&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Widget, @tag.TextEditor, @tag.Binding`
> Spec:
> <hr>Fri, 20 Jun 2025 09:01:44 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Enhanced the Rich Text Editor to automatically convert unsafe embedded
content to safe formats.
- **Chores**
  - Updated the TinyMCE editor to version 6.8.5.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---
 app/client/package.json                                |  2 +-
 .../widgets/RichTextEditorWidget/component/index.tsx   |  1 +
 app/client/yarn.lock                                   | 10 +++++-----
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/app/client/package.json b/app/client/package.json
index 0317b41d76..430541961c 100644
--- a/app/client/package.json
+++ b/app/client/package.json
@@ -226,7 +226,7 @@
     "tailwindcss": "^3.3.3",
     "tern": "^0.21.0",
     "tinycolor2": "^1.4.2",
-    "tinymce": "6.8.3",
+    "tinymce": "6.8.5",
     "toposort": "^2.0.2",
     "tslib": "^2.3.1",
     "typescript": "^5.5.4",
diff --git a/app/client/src/widgets/RichTextEditorWidget/component/index.tsx b/app/client/src/widgets/RichTextEditorWidget/component/index.tsx
index 8b85b6920a..db3544f161 100644
--- a/app/client/src/widgets/RichTextEditorWidget/component/index.tsx
+++ b/app/client/src/widgets/RichTextEditorWidget/component/index.tsx
@@ -430,6 +430,7 @@ function RichtextEditorComponent(props: RichtextEditorComponentProps) {
             branding: false,
             resize: false,
             browser_spellcheck: true,
+            convert_unsafe_embeds: true,
             content_style: `
               ${cssVariables}
               ${
diff --git a/app/client/yarn.lock b/app/client/yarn.lock
index e267a2358c..53edf6bc76 100644
--- a/app/client/yarn.lock
+++ b/app/client/yarn.lock
@@ -13951,7 +13951,7 @@ __metadata:
     tern: ^0.21.0
     terser-webpack-plugin: ^5.2.5
     tinycolor2: ^1.4.2
-    tinymce: 6.8.3
+    tinymce: 6.8.5
     toposort: ^2.0.2
     ts-jest: ^29.1.0
     ts-jest-mock-import-meta: ^0.12.0
@@ -33510,10 +33510,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"tinymce@npm:6.8.3":
-  version: 6.8.3
-  resolution: "tinymce@npm:6.8.3"
-  checksum: 2ce922ceb60636778afb21a493e99d561e73f82c5fb331a4f666d973129ca27277bc1b6332d6932ab8fe0a379b1f201285f143a2d72646a813fda88a0dec5312
+"tinymce@npm:6.8.5":
+  version: 6.8.5
+  resolution: "tinymce@npm:6.8.5"
+  checksum: 7f7ad8dd2b117b8a671f97e41fc094935cfe4d4b525c90e97c6fdb480b19514e334f4360d89f34c04915a928e0cf5264fc1a60559554770452d6fce17b884940
   languageName: node
   linkType: hard