This is intended behaviour and implements the security hardening in tniymce

https://youtu.be/OGZ06TCdJHc?si=Z0sSHlVaV-OP0wRi&t=64

Followed your video and It does the same behaviour... Puts the sandbox inside!

yes it is supposed to put the sandbox there. As I said this is a security change from tinymce https://www.tiny.cloud/docs/tinymce/latest/7.0-release-notes/#security-fixes

So we cannot put an iframe like google maps from now on? I now its a security fix but

What this documentation/update changes says is this:
..
From TinyMCE 7.0.0 onwards the default value of this option is true.
...
In TinyMCE 7.0.0 a new sandbox_iframes_exclusions option was also added, allowing a list of domains to be specified that should be excluded from having the sandbox="" attribute applied when the sandbox_iframes option is enabled. By default, this option is set to an array of domains that are provided in embed code by popular websites. To sandbox iframe elements from every domain, set this option to [].

also this exists..

Without those every map on site with iframe will not be displayed because it will become sandboxed. Something that so many years was working. Maybe in the plugin we should have an option to enable or disable this option and put convert_unsafe_embeds and sandbox_iframes_exclusions value if needed.

tinymce.init({
  selector: 'textarea',  // change this value according to your html
  sandbox_iframes: false
});

This is intended behaviour and implements the security hardening in tniymce

https://youtu.be/OGZ06TCdJHc?si=Z0sSHlVaV-OP0wRi&t=64

This doesn't work for me either. Joomla 5.1.0

I understand this is done for security but I can't find any solution to allow me to embed youtube videos with iframe which makes this a complete annoying bug

Workaround:

Install TinyMCE Configuration Modifier plugin https://github.com/nikosdion/plg_system_tinymod
Then add:
{
"sandbox_iframes": false
}

Bug tinymce editor Joomla 5.1.0 and 5.1.1, TinyMCE editor rewrites code iframe by adding sandbox="".
When you want to share a YouTube movie and place it in an iframe, tinymce rewrites the code and adds sandbox="" which causes the video to no longer work, giving an error.

Workaround: Replace the tinymce editor files from Joomla 5.1.
Upload folder tinymce from joomla 5.0.3 to folder: plugins/editors/tinymce. Problem solved.
Do you have a non-working video in iframe? Edit iframe in source file, remove sandbox="", save, problem solved.

Don't have the files version 5.0.3?
I have the 5.0.3 files in tinymce.zip on www.joomla-5.nl
Use the tinymce.zip in administrator, under system, install Extensions, browse and install the zip file (this replaces the tinymce folder).

Workaround:

Install TinyMCE Configuration Modifier plugin https://github.com/nikosdion/plg_system_tinymod Then add: { "sandbox_iframes": false }

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/43407.

Txs for the suggestion @macstalker !
I do confirm: with this tinymod plugin you can "tweak" TinyMCE's default configuration.
But in my case, instead of disabling sandbox altogether (it was introduced for security reasons) with
{ "sandbox_iframes": false }
I have given a try to the following configuration suggested on Mattermost by @RickR2H and I do confirm that it does work (even if we don't mention "PDF" nor "/images" nor the domain name of the concerned website)

{
    "selector": "textarea",
    "sandbox_iframes": "true",
    "sandbox_iframes_exclusions": [
        "youtube.com",
        "youtu.be",
        "vimeo.com",
        "player.vimeo.com",
        "dailymotion.com",
        "embed.music.apple.com",
        "open.spotify.com",
        "giphy.com",
        "dai.ly",
        "codepen.io"
    ]
}

it could well be that I misunderstood the advice from tinymce and applied the security fix incorrectly

it could well be that I misunderstood the advice from tinymce and applied the security fix incorrectly

I am happy that we have a workaround for this, but it is indeed weird that

• on the one hand Joomla allows to embed a PDF via the official Joomla Media Manager
• but at the same time that Joomla would block an embedded PDF when using the official Joomla Wysiwyg Editor
  :)

So I guess that

• we should at least allow embedding PDFs stored locally on the website
• and also maybe offer a way to configure those exclusions (the default list is nice for a start, but of course each website has its own needs)

Please test PR #43716. Thanks.

Workaround:
Install TinyMCE Configuration Modifier plugin https://github.com/nikosdion/plg_system_tinymod

Confirm this works great on Joomla 5.1.1

Just a tip to install this plugin you have to download the .zip file but extract the plg_system_tinymod-main\plugins\system\tinymod folder. Then make a new zip file of that tinymod folder and upload & install to joomla

{
    "selector": "textarea",
    "sandbox_iframes": "true",
    "sandbox_iframes_exclusions": [
        "youtube.com",
        "youtu.be",
        "vimeo.com",
        "player.vimeo.com",
        "dailymotion.com",
        "embed.music.apple.com",
        "open.spotify.com",
        "giphy.com",
        "dai.ly",
        "codepen.io"
    ]
}

hello i update my site in 5.1.2 but problem still here ... all my youtube video are ko, we realy need to add a plugin and this configuration ?

Disable in the TinyMCE plugin the following option:

ok thanks