Merge branch 'feature/8.5.0/DOC-3355' into feature/8.5.0/DOC-3355_TINY-14070

Author: kemister85

modules/ROOT/images/tinymceai/tinymce-ai-review-mode-suggestions-underlined-in-editor-content.png

@@ -29,6 +29,21 @@ include::partial$misc/admon-releasenotes-for-stable.adoc[]
 
 The following premium plugin updates were released alongside {productname} {release-version}.
 
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following fix.
+
+==== AI Review suggestion cards now stay available when you close and reopen the review sidebar while suggestions are still loading
+// #TINY-14197
+
+Previously, closing the TinyMCE AI Review sidebar immediately after starting a review and then reopening it after the AI finished generating suggestions would reset the sidebar state. The suggestion cards associated with the review were not displayed, and instead the list of available reviews appeared alongside the preview. This prevented the generated suggestions from being actioned.
+
+In {productname} {release-version}, the sidebar state is now correctly preserved when the sidebar is closed and reopened during or after suggestion generation. The review suggestion cards remain visible and actionable, even if the sidebar was closed while the AI was still streaming results.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
 === <Premium plugin name 1> <Premium plugin name 1 version>
 
 The {productname} {release-version} release includes an accompanying release of the **<Premium plugin name 1>** premium plugin.
@@ -41,6 +56,101 @@ The {productname} {release-version} release includes an accompanying release of
 
 For information on the **<Premium plugin name 1>** plugin, see: xref:<plugincode>.adoc[<Premium plugin name 1>].
 
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following fix.
+
+==== Menus no longer close on mouse out.
+// #TINY-14055
+
+Previously, submenus in the TinyMCE AI plugin closed when the mouse pointer moved outside the menu area. This did not match the behavior of other {productname} menus, where submenus remain open until another item in the parent menu is selected or the entire menu is dismissed. The inconsistency made submenu navigation unreliable and could cause confusion during use.
+
+In {productname} {release-version}, submenus in the TinyMCE AI plugin no longer close on mouse out. Submenus now remain open until another parent menu item is selected or the menu is dismissed, matching the behavior of all other {productname} menus.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
+
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following fix.
+
+==== The first loading card during a review no longer appears focused
+// #TINY-14077
+
+Previously, when running an AI review, the first skeleton card displayed in the Review sidebar while suggestions were being generated appeared with focus styles applied. Since the card content was still loading and could not be interacted with, the visible focus indicator was misleading and created a confusing user experience.
+
+In {productname} {release-version}, focus styles are no longer applied to loading cards in the Review sidebar. Cards only receive focus styling once their content has fully loaded and they can be interacted with.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
+
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following addition.
+
+==== New commands for executing AI UI actions
+// #TINY-14266
+
+Previously, Quick Actions in TinyMCE AI could only be triggered through the plugin's built-in menus and toolbar buttons. Integrators who wanted to invoke these actions from custom UI elements or automation workflows had no programmatic way to do so.
+
+In {productname} {release-version}, the TinyMCE AI plugin registers a set of editor commands that mirror each Quick Action. These include commands for built-in actions such as `TinyMCEAIQuickActionImproveWriting`, `TinyMCEAIQuickActionCheckGrammar`, and `TinyMCEAIQuickActionTranslate` (which accepts a language argument), as well as `TinyMCEAIQuickActionCustom` for running a custom prompt with a specified model. A `TinyMCEAIChatPrompt` command is also available for sending a prompt directly to the Chat sidebar. For the full list of commands, see xref:tinymceai.adoc#tinymceai-plugin-commands[TinyMCE AI plugin commands].
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
+
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following addition.
+
+==== New optional `id` property to `tinymceai_quickactions_custom` to register the action as custom menu item
+// #TINY-14229
+
+Previously, custom quick actions defined through the xref:tinymceai.adoc#tinymceai_quickactions_custom[`+tinymceai_quickactions_custom+`] option could only appear inside a dedicated Custom submenu within the Quick Actions menu. This limited integrators who wanted custom actions to appear as top-level menu items alongside predefined actions or in other menu configurations.
+
+In {productname} {release-version}, an optional `id` property can be included in each custom quick action object. When an `id` is set, the custom action can be listed in the xref:tinymceai.adoc#tinymceai_quickactions_menu[`+tinymceai_quickactions_menu+`] array as its own top-level menu item, or included in any menubar menu or menu button configuration that accepts control identifiers.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
+
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following fix.
+
+==== Loader in the chat was normal size instead of small size
+// #TINY-14155
+
+Previously, the loading spinner displayed in the AI Chat area while generating a response used the default size rather than the small size. This caused the spinner to appear visually larger than the adjacent AI response icon, creating an inconsistent appearance within the chat interface.
+
+In {productname} {release-version}, the AI Chat loading spinner is now sized to match the AI response icon dimensions, providing a consistent and polished visual experience.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
+
+=== TinyMCE AI
+
+The {productname} {release-version} release includes an accompanying release of the **TinyMCE AI** premium plugin.
+
+**TinyMCE AI** includes the following improvement.
+
+==== While the plugin is generating a review or quick action, the Stop button in the loading indicator receives focus
+// #TINY-14083
+
+Previously, the TinyMCE AI plugin displayed the “Stop generating” control inconsistently across different contexts. The review loading indicator used a text-based button, while the AI Chat sidebar used an icon-based button. In addition, the control did not receive focus when it appeared, which negatively impacted keyboard accessibility.
+
+In {productname} {release-version}, the stop button in the loading indicator now matches the icon button used in the AI Chat sidebar, providing a more consistent visual experience. The button also receives focus when displayed, improving keyboard navigation and accessibility during content generation.
+
+For information on the **TinyMCE AI** plugin, see: xref:tinymceai.adoc[TinyMCE AI].
+
 
 [[accompanying-enhanced-skins-and-icon-packs-changes]]
 == Accompanying Enhanced Skins & Icon Packs changes
@@ -88,6 +198,11 @@ For information on using Enhanced Skins & Icon Packs, see: xref:enhanced-skins-a
 
 // CCFR here.
 
+=== Updated the Review list accordion item background color
+// #TINY-14158
+
+The background color of accordion items in the TinyMCE AI Review list has been updated from `#F7F7F7` to `#F0F0F0` to improve visual contrast and align with the current design specifications.
+
 
 [[removed]]
 == Removed
@@ -117,6 +232,20 @@ Previously, certain combinations of `+div+` elements inside list items could pre
 
 In {productname} {release-version}, the list detection logic now correctly identifies when a `+div+` is inside a list and locates the parent list before treating the element as a host. Lists with nested `+div+` elements can now be toggled off as expected.
 
+=== Script and style elements would incorrectly be removed by DOMPurify when considered valid in the schema
+// #TINY-9655
+
+Previously, `script` and `style` elements that were explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`] were removed during the sanitization process when xref:content-filtering.adoc#xss_sanitization[`+xss_sanitization+`] was enabled. DOMPurify flagged these elements as potential mXSS vectors and removed them entirely, even when the schema configuration indicated they were valid.
+
+In {productname} {release-version}, `script` and `style` elements that are considered valid in the schema are retained during sanitization. The sanitization process still removes unsafe attributes and content, but no longer removes the entire element when the schema explicitly allows it.
+
+=== Iframe elements with children would incorrectly be removed by DOMPurify
+// #TINY-9655
+
+Previously, `iframe` elements that contained child nodes were removed entirely during the sanitization process. DOMPurify treated the presence of child nodes within an `iframe` as a potential mXSS risk and stripped the entire element from the content.
+
+In {productname} {release-version}, `iframe` elements are preserved during sanitization. Any child nodes and unsafe or invalid attributes are removed, but the `iframe` element itself remains in the editor content.
+
 
 [[security-fixes]]
 == Security fixes

modules/ROOT/pages/8.5.0-release-notes.adoc

@@ -41,7 +41,7 @@ include::partial$misc/bundling-guide-link.adoc[]
 [WARNING]
 ====
 **Certain elements may be removed by XSS sanitization**  
-By default, {productname} sanitizes HTML content to protect against XSS attacks. Elements outside the HTML5 specification, such as `<script>`, are removed. Standard `<meta>` tags are preserved, but attributes not defined in the HTML5 spec (for example, the RDFa `property` attribute) require explicit configuration to be retained.
+By default, {productname} sanitizes HTML content to protect against XSS attacks. Elements outside the HTML5 specification, such as `<script>`, are removed unless explicitly allowed through xref:content-filtering.adoc#valid_elements[`+valid_elements+`] or xref:content-filtering.adoc#extended_valid_elements[`+extended_valid_elements+`]. Standard `<meta>` tags are preserved, but attributes not defined in the HTML5 spec (for example, the RDFa `property` attribute) require explicit configuration to be retained.
 
 If integrators encounter issues with required elements being removed, the following configuration options are available. These options reduce security and should be used with caution: