[5.1] Allow PDF embeding again

[jgerman-bot]

New language relevant PR in upstream repo: joomla/joomla-cms#43716 Here are the upstream changes:

Click to expand the diff!

diff --git a/administrator/language/en-GB/plg_editors_tinymce.ini b/administrator/language/en-GB/plg_editors_tinymce.ini
index 7359a2b846992..6b2bf03efe1a7 100644
--- a/administrator/language/en-GB/plg_editors_tinymce.ini
+++ b/administrator/language/en-GB/plg_editors_tinymce.ini
@@ -96,4 +96,6 @@ PLG_TINY_TOOLBAR_BUTTON_FONTSIZESELECT="Font Size Select"
 PLG_TINY_TOOLBAR_BUTTON_FORMATSELECT="Format Select"
 PLG_TINY_TOOLBAR_BUTTON_SEPARATOR="Separator"
 PLG_TINY_TOOLBAR_BUTTON_STYLESELECT="Style Select"
+PLG_TINY_FIELD_SANDBOX_IFRAMES_LABEL="Sandbox Iframes"
+PLG_TINY_FIELD_SANDBOX_IFRAMES_DESC="This is a security feature that restricts what the iframe can do by setting a sandbox attribute for each iframe. It is recommended to enable this feature for security reasons. Only disable if the iframe is not loading and you're sure that the iframed content is safe."
 PLG_TINY_XML_DESCRIPTION="TinyMCE is a platform independent web based JavaScript HTML WYSIWYG Editor. Using <strong>sets</strong> you can configure and customise the editor for every user group."
diff --git a/plugins/editors/tinymce/forms/setoptions.xml b/plugins/editors/tinymce/forms/setoptions.xml
index 8179e5772e684..14ad640f306c7 100644
--- a/plugins/editors/tinymce/forms/setoptions.xml
+++ b/plugins/editors/tinymce/forms/setoptions.xml
@@ -225,6 +225,18 @@
 			showon="use_config_textfilters:0"
 		/>
 
+		<field
+			name="sandbox_iframes"
+			type="radio"
+			label="PLG_TINY_FIELD_SANDBOX_IFRAMES_LABEL"
+			description="PLG_TINY_FIELD_SANDBOX_IFRAMES_DESC"
+			layout="joomla.form.field.radio.switcher"
+			default="1"
+			>
+			<option value="0">JOFF</option>
+			<option value="1">JON</option>
+		</field>
+
 		<!-- Extra plugins -->
 		<field
 			name="resizing"
diff --git a/plugins/editors/tinymce/src/PluginTraits/DisplayTrait.php b/plugins/editors/tinymce/src/PluginTraits/DisplayTrait.php
index be10b339218d4..f93e0829baf5d 100644
--- a/plugins/editors/tinymce/src/PluginTraits/DisplayTrait.php
+++ b/plugins/editors/tinymce/src/PluginTraits/DisplayTrait.php
@@ -460,7 +460,8 @@ public function display(string $name, string $content = '', array $attributes =
                 'promotion' => false,
 
                 // Hardened security
-                'sandbox_iframes'       => true,
+                // @todo enable with TinyMCE 7 using https://www.tiny.cloud/docs/tinymce/latest/content-filtering/#sandbox-iframes-exclusions otherwise all embed PDFs are broken
+                'sandbox_iframes'       => (bool) $levelParams->get('sandbox_iframes', true),
                 'convert_unsafe_embeds' => true,
 
                 // Specify the attributes to be used when previewing a style. This prevents white text on a white background making the preview invisible.