Normally when registering a TinyMCE plugin you register a VPP in the episerverframework.config file:
<add name="MyTinyMcePlugin" virtualPath="~/util/editor/tinymce/plugins/MyPlugin/" physicalPath="..." type="EPiServer.Web.Hosting.VirtualPathNonUnifiedProvider,EPiServer"/>
When creating a protected addon module, is there another way to do this or is a vpp the only solution?
Is it possible to do this in a client module initializer perhaps?
We have added this support for the next framework release and we will investigate if it is possible to include this in the next core patch as well.
Was this support added? If so, how do we do this? I want to register a TinyMCE VPP programmatically within my plugin. Is this possible?
Actually, when reading my last answer (from March) I don't really understand why I wrote this since we have actually not added support to load plug-ins from an add-on. There was, however, a bug where it was no longer possible to add the plug-in by placing a file in the util folder (or by VPP:ing in the file there). This bug was introduced in the 7.1 UI update and fixed around the time of this thread so I'm guessing that my answer was really to say that this was fixed.
Regarding the original question about adding a Tiny MCE plug-in as part of an add-on, we don't have a good solution to that at the moment. We will probably spend some time upgrading the editor in the near future and I hope that this is something that we can consider while doing that since the script loader is changed in Tiny MCE 4.
Thanks for the answer. Is it possible to add/override a plugin by placing it in the Util folder now? In EPiServer 7, EPiServer 7.1 and EPiServer 7.5? I have created a thread with my problem here: http://world.episerver.com/Modules/Forum/Pages/Thread.aspx?id=79321&epslanguage=en