From 4868c7f2876d99f9a70694be07bf3f8473b16aea Mon Sep 17 00:00:00 2001
From: Fabrizio Balliano <fabrizio.balliano@gmail.com>
Date: Mon, 19 Aug 2024 22:01:42 +0100
Subject: [PATCH] Fixed CVE-2024-29881 for TinyMCE

---
 pub/js/mage/adminhtml/wysiwyg/tinymce/setup.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pub/js/mage/adminhtml/wysiwyg/tinymce/setup.js b/pub/js/mage/adminhtml/wysiwyg/tinymce/setup.js
index 482d01ccd..a8bb4fc97 100644
--- a/pub/js/mage/adminhtml/wysiwyg/tinymce/setup.js
+++ b/pub/js/mage/adminhtml/wysiwyg/tinymce/setup.js
@@ -91,6 +91,7 @@ tinyMceWysiwygSetup.prototype =
             branding: false,
             promotion: false,
             convert_urls: false,
+            convert_unsafe_embeds: true,
             relative_urls: true,
             skin: this.config.skin,
             min_height: 460,