Vulnerability in EPiServer.Forms
I just upgraded from CMS 12.14.0 to 12.19.0 and CMS.TinyMCE from 3.3.3 to 4.2.0 and now I get these errors in the console:
SyntaxError: Unexpected token '<'
at dojo.fromJson (dojo.js:15:82234)
at Object.json (dojo.js:15:120242)
at _497 (dojo.js:15:123066)
at _2cd (dojo.js:15:73012)
at _2cb (dojo.js:15:72704)
at resolve.callback (dojo.js:15:73525)
at _2f2 (dojo.js:15:75368)
at _2ec (dojo.js:15:75232)
at _2f1.resolve (dojo.js:15:76693)
Uncaught SyntaxError: Unexpected token '<' (at plugin.min.js:2:1)
plugin.min.js is located in the folder: /EPiServer/EPiServer.Cms.TinyMce/4.2.0/ClientResources/tinymce/plugins/imagetools/plugin.min.js
Firstly did you check if this version is compatible with CMS 12.19.0 after that can you re-install it? May be it is not been installed properly or something.
Well the Episerver.CMS 12.19.0 has a direct dependency to CMS.TinyMCE 4.2 so I guess there should not be a problem.
looks like imagetools are no longer for free, could that have something to do with it?
Wild guess: The server actually returns an error page in place of the plugin.min.js. Check the browser dev tools if you can see the response there, it might tell you more about what the error is.
Magnus, that is a great guess! Clicking on the link actually gives me a html page and not the actual script. I will dig deeper. Thanks!
They were actually 404 errors and removing these Tiny plugins from my configuration fixed the issue:
imagetools paste spellchecker
Thanks all for your help!
Just fyi re: those TinyMCE plugins:
EPiServer.CMS.TinyMce 4.x and above have the spellchecker built into TinyMCE. You do not need to install Spellchecker for TinyMCE 4.x; just add the following code in startup.cs to enable spellchecker:
See recent updates here: https://world.optimizely.com/documentation/Release-Notes/ReleaseNote/?releaseNoteId=CMS-27270