]> BookStack Code Mirror - bookstack/commitdiff
projects / bookstack / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: a33dbcb)
WYSIWYG descriptions: Allowed anchor target attrs
authorDan Brown <redacted>
Wed, 3 Apr 2024 15:46:53 +0000 (16:46 +0100)
committerDan Brown <redacted>
Wed, 3 Apr 2024 15:46:53 +0000 (16:46 +0100)
Allowed since this is a control in the editor UI, but would previously
be stripped by editor config & server-side filtering.
For #4925

app/Util/HtmlDescriptionFilter.php patch | blob | history
resources/js/wysiwyg/config.js patch | blob | history
tests/Entity/BookTest.php patch | blob | history

diff --git a/app/Util/HtmlDescriptionFilter.php b/app/Util/HtmlDescriptionFilter.php
index 7287586d16fadff29740760599051630edf5e927..cb091b869f8fc9a2ec5d4a9ba644387612f82c95 100644 (file)
--- a/app/Util/HtmlDescriptionFilter.php
+++ b/app/Util/HtmlDescriptionFilter.php
@@ -20,7 +20,7 @@ class HtmlDescriptionFilter
      */
     protected static array $allowedAttrsByElements = [
         'p' => [],
-        'a' => ['href', 'title'],
+        'a' => ['href', 'title', 'target'],
         'ol' => [],
         'ul' => [],
         'li' => [],
diff --git a/resources/js/wysiwyg/config.js b/resources/js/wysiwyg/config.js
index e5a780d18e9ee9e2bfd052829bc0adb762da7fd9..1666aa50066af25f3ab38b12a996cce2148672bb 100644 (file)
--- a/resources/js/wysiwyg/config.js
+++ b/resources/js/wysiwyg/config.js
@@ -348,7 +348,7 @@ export function buildForInput(options) {
         toolbar: 'bold italic link bullist numlist',
         content_style: getContentStyle(options),
         file_picker_types: 'file',
-        valid_elements: 'p,a[href|title],ol,ul,li,strong,em,br',
+        valid_elements: 'p,a[href|title|target],ol,ul,li,strong,em,br',
         file_picker_callback: filePickerCallback,
         init_instance_callback(editor) {
             addCustomHeadContent(editor.getDoc());
diff --git a/tests/Entity/BookTest.php b/tests/Entity/BookTest.php
index 04dff293facd20805e1281b4264f8808470c902e..51bf65d10bb29d92668fd80bfb1614688cf73c83 100644 (file)
--- a/tests/Entity/BookTest.php
+++ b/tests/Entity/BookTest.php
@@ -266,8 +266,8 @@ class BookTest extends TestCase
     {
         $book = $this->entities->book();
 
-        $input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" data-a="b">a</a><section>Hello</section></p>';
-        $expected = '<p>Content<a href="#cat">a</a></p>';
+        $input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" target="_blank" data-a="b">a</a><section>Hello</section></p>';
+        $expected = '<p>Content<a href="#cat" target="_blank">a</a></p>';
 
         $this->asEditor()->put($book->getUrl(), [
             'name' => $book->name,
The core source code for the BookStack project.