Merge branch 'feature/8.5.0/DOC-3355' into feature/8.5.0/DOC-3355_TINY-14256

Author: kemister85

modules/ROOT/images/tinymceai/tinymce-ai-review-mode-suggestions-underlined-in-editor-content.png

@@ -56,6 +56,84 @@ In {productname} {release-version}, PowerPaste now correctly handles the `baseli
 
 For information on the **PowerPaste** plugin, see: xref:introduction-to-powerpaste.adoc[PowerPaste].
 
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following fixes, improvements and additions.
+
+==== Layout would shift causing the text to jump when action button appears on hover in the chat history list
+// #TINY-14157
+
+Previously, the actions container in the TinyMCE AI Chat History panel had no reserved space for the icon button that appears on hover. When hovering over a chat history item, the button became visible and caused the entire layout to shift, making content jump position unexpectedly. This resulted in jarring visual inconsistency and inconsistent spacing throughout the component.
+
+In {productname} {release-version}, the actions container now reserves minimum horizontal space to accommodate the icon button and its surrounding padding. Action buttons appear and disappear without causing layout shifts, providing smoother and more predictable interactions with the Chat History.
+
+==== Focus is no longer lost when deleting a context source using delete or backspace key.
+// #TINY-13949
+
+Previously, keyboard focus was lost when deleting a context source tag using the `Delete` or `Backspace` key in the TinyMCE AI sidebar chat view. After removing a context source, the focus disappeared entirely, making it difficult to continue keyboard navigation. This particularly affected accessibility and keyboard-only workflows.
+
+In {productname} {release-version}, focus management now tracks tag deletion events. When a context source tag is deleted, focus moves to either the previous context source tag or, when the first or only remaining tag is removed, back to the prompt input field. This ensures seamless keyboard navigation when managing context sources.
+
+==== `ToggleSidebar` events were not being triggered when toggling floating sidebars
+// #TINY-14243
+
+Previously, the `+ToggleSidebar+` event was not emitted when opening or closing floating sidebars in the TinyMCE AI plugin. Additionally, querying the current sidebar value using `+editor.queryCommandValue('ToggleSidebar')+` did not return the correct identifier when a floating sidebar was open. This made it difficult to programmatically determine the state of floating sidebars or respond to state changes.
+
+In {productname} {release-version}, floating sidebars now fully support the existing sidebar APIs. The `+ToggleSidebar+` event fires when floating sidebars are opened, closed, or switched, and `+queryCommandValue+` returns the correct sidebar identifier. This brings floating sidebars to full API parity with regular sidebars.
+
+==== AI Review suggestion cards now stay available when you close and reopen the review sidebar while suggestions are still loading
+// #TINY-14197
+
+Previously, closing the TinyMCE AI Review sidebar immediately after starting a review and then reopening it after the AI finished generating suggestions would reset the sidebar state. The suggestion cards associated with the review were not displayed, and instead the list of available reviews appeared alongside the preview. This prevented the generated suggestions from being actioned.
+
+In {productname} {release-version}, the sidebar state is now correctly preserved when the sidebar is closed and reopened during or after suggestion generation. The review suggestion cards remain visible and actionable, even if the sidebar was closed while the AI was still streaming results.
+
+==== Menus no longer close on mouse out.
+// #TINY-14055
+
+Previously, submenus in the TinyMCE AI plugin closed when the mouse pointer moved outside the menu area. This did not match the behavior of other {productname} menus, where submenus remain open until another item in the parent menu is selected or the entire menu is dismissed. The inconsistency made submenu navigation unreliable and could cause confusion during use.
+
+In {productname} {release-version}, submenus in the TinyMCE AI plugin no longer close on mouse out. Submenus now remain open until another parent menu item is selected or the menu is dismissed, matching the behavior of all other {productname} menus.
+
+==== The first loading card during a review no longer appears focused
+// #TINY-14077
+
+Previously, when running an AI review, the first skeleton card displayed in the Review sidebar while suggestions were being generated appeared with focus styles applied. Since the card content was still loading and could not be interacted with, the visible focus indicator was misleading and created a confusing user experience.
+
+In {productname} {release-version}, focus styles are no longer applied to loading cards in the Review sidebar. Cards only receive focus styling once their content has fully loaded and they can be interacted with.
+
+==== New commands for executing AI UI actions
+// #TINY-14266
+
+Previously, Quick Actions in TinyMCE AI could only be triggered through the plugin's built-in menus and toolbar buttons. Integrators who wanted to invoke these actions from custom UI elements or automation workflows had no programmatic way to do so.
+
+In {productname} {release-version}, the TinyMCE AI plugin registers a set of editor commands that mirror each Quick Action. These include commands for built-in actions such as `TinyMCEAIQuickActionImproveWriting`, `TinyMCEAIQuickActionCheckGrammar`, and `TinyMCEAIQuickActionTranslate` (which accepts a language argument), as well as `TinyMCEAIQuickActionCustom` for running a custom prompt with a specified model. A `TinyMCEAIChatPrompt` command is also available for sending a prompt directly to the Chat sidebar. For the full list of commands, see xref:tinymceai.adoc#tinymceai-plugin-commands[TinyMCE AI plugin commands].
+
+==== New optional `id` property to `tinymceai_quickactions_custom` to register the action as custom menu item
+// #TINY-14229
+
+Previously, custom quick actions defined through the xref:tinymceai.adoc#tinymceai_quickactions_custom[`+tinymceai_quickactions_custom+`] option could only appear inside a dedicated Custom submenu within the Quick Actions menu. This limited integrators who wanted custom actions to appear as top-level menu items alongside predefined actions or in other menu configurations.
+
+In {productname} {release-version}, an optional `id` property can be included in each custom quick action object. When an `id` is set, the custom action can be listed in the xref:tinymceai.adoc#tinymceai_quickactions_menu[`+tinymceai_quickactions_menu+`] array as its own top-level menu item, or included in any menubar menu or menu button configuration that accepts control identifiers.
+
+==== Loader in the chat was normal size instead of small size
+// #TINY-14155
+
+Previously, the loading spinner displayed in the AI Chat area while generating a response used the default size rather than the small size. This caused the spinner to appear visually larger than the adjacent AI response icon, creating an inconsistent appearance within the chat interface.
+
+In {productname} {release-version}, the AI Chat loading spinner is now sized to match the AI response icon dimensions, providing a consistent and polished visual experience.
+
+==== While the plugin is generating a review or quick action, the Stop button in the loading indicator receives focus
+// #TINY-14083
+
+Previously, the TinyMCE AI plugin displayed the “Stop generating” control inconsistently across different contexts. The review loading indicator used a text-based button, while the AI Chat sidebar used an icon-based button. In addition, the control did not receive focus when it appeared, which negatively impacted keyboard accessibility.
+
+In {productname} {release-version}, the stop button in the loading indicator now matches the icon button used in the AI Chat sidebar, providing a more consistent visual experience. The button also receives focus when displayed, improving keyboard navigation and accessibility during content generation.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
 
 [[accompanying-enhanced-skins-and-icon-packs-changes]]
 == Accompanying Enhanced Skins & Icon Packs changes
@@ -64,10 +142,17 @@ The {productname} {release-version} release includes an accompanying release of
 
 === Enhanced Skins & Icon Packs
 
-The **Enhanced Skins & Icon Packs** release includes the following updates:
+The **Enhanced Skins & Icon Packs** release includes the following updates and fix.
 
 The **Enhanced Skins & Icon Packs** were rebuilt to pull in the changes also incorporated into the default {productname} {release-version} skin, Oxide.
 
+==== Premium content CSS files contained extraneous styles from the default theme
+// #TINY-14129
+
+Previously, premium skin content CSS files for the fabric, fluent, material-classic, and material-outline skins imported styles from the default theme's content UI. This caused duplicate styles to load into the editor and unnecessarily increased the size of the premium content CSS files.
+
+In {productname} {release-version}, the outdated import has been removed from the premium content CSS files. The premium content CSS files now contain only the styles specific to each skin, reducing file size and eliminating duplicate style loading.
+
 For information on using Enhanced Skins & Icon Packs, see: xref:enhanced-skins-and-icon-packs.adoc[Enhanced Skins & Icon Packs].
 
 
@@ -103,6 +188,11 @@ For information on using Enhanced Skins & Icon Packs, see: xref:enhanced-skins-a
 
 // CCFR here.
 
+=== Updated the Review list accordion item background color
+// #TINY-14158
+
+The background color of accordion items in the TinyMCE AI Review list has been updated from `#F7F7F7` to `#F0F0F0` to improve visual contrast and align with the current design specifications.
+
 
 [[removed]]
 == Removed
@@ -125,6 +215,27 @@ For information on using Enhanced Skins & Icon Packs, see: xref:enhanced-skins-a
 
 // CCFR here.
 
+=== Certain combinations of divs inside of lists would cause issues turning off lists
+// #TINY-14070
+
+Previously, certain combinations of `+div+` elements inside list items could prevent lists from being toggled off. The list detection logic would prematurely identify a `+div+` within a list item as a list host rather than recognizing it as content inside an existing list. This made it impossible to remove the list formatting in affected content structures.
+
+In {productname} {release-version}, the list detection logic now correctly identifies when a `+div+` is inside a list and locates the parent list before treating the element as a host. Lists with nested `+div+` elements can now be toggled off as expected.
+
+=== Script and style elements would incorrectly be removed by DOMPurify when considered valid in the schema
+// #TINY-9655
+
+Previously, `script` and `style` elements that were explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`] were removed during the sanitization process when xref:content-filtering.adoc#xss_sanitization[`+xss_sanitization+`] was enabled. DOMPurify flagged these elements as potential mXSS vectors and removed them entirely, even when the schema configuration indicated they were valid.
+
+In {productname} {release-version}, `script` and `style` elements that are considered valid in the schema are retained during sanitization. The sanitization process still removes unsafe attributes and content, but no longer removes the entire element when the schema explicitly allows it.
+
+=== Iframe elements with children would incorrectly be removed by DOMPurify
+// #TINY-9655
+
+Previously, `iframe` elements that contained child nodes were removed entirely during the sanitization process. DOMPurify treated the presence of child nodes within an `iframe` as a potential mXSS risk and stripped the entire element from the content.
+
+In {productname} {release-version}, `iframe` elements are preserved during sanitization. Any child nodes and unsafe or invalid attributes are removed, but the `iframe` element itself remains in the editor content.
+
 
 [[security-fixes]]
 == Security fixes

modules/ROOT/pages/8.5.0-release-notes.adoc

@@ -41,7 +41,7 @@ include::partial$misc/bundling-guide-link.adoc[]
 [WARNING]
 ====
 **Certain elements may be removed by XSS sanitization**  
-By default, {productname} sanitizes HTML content to protect against XSS attacks. Elements outside the HTML5 specification, such as `<script>`, are removed. Standard `<meta>` tags are preserved, but attributes not defined in the HTML5 spec (for example, the RDFa `property` attribute) require explicit configuration to be retained.
+By default, {productname} sanitizes HTML content to protect against XSS attacks. Elements outside the HTML5 specification, such as `<script>`, are removed unless explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`]. Standard `<meta>` tags are preserved, but attributes not defined in the HTML5 spec (for example, the RDFa `property` attribute) require explicit configuration to be retained.
 
 If integrators encounter issues with required elements being removed, the following configuration options are available. These options reduce security and should be used with caution: