Bug 635882: html_light_quote() should accept the "target" attribute for links

author Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>

Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)

committer Frédéric Buclin <LpSolit@gmail.com>

Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)
author Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)
committer Frédéric Buclin <LpSolit@gmail.com>
Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm

index 9e2e1fecd3fa1015e129dfc402cac52701323851..810c6972fea50b473658dac24704db33e413d1cd 100644 (file)
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -136,12 +136,13 @@ sub html_light_quote {
          # Specific rules for allowed elements. If no specific rule is set
          # for a given element, then the default is used.
          my @rules = (a => {
-                           href  => $protocol_regexp,
-                           title => 1,
-                           id    => 1,
-                           name  => 1,
-                           class => 1,
-                           '*'   => 0, # Reject all other attributes.
+                           href   => $protocol_regexp,
+                           target => qr{^(?:_blank|_parent|_self|_top)$}i,
+                           title  => 1,
+                           id     => 1,
+                           name   => 1,
+                           class  => 1,
+                           '*'    => 0, # Reject all other attributes.
                            },
                       blockquote => {
                                      cite => $protocol_regexp,
author	Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
	Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Tue, 26 Jun 2012 17:02:41 +0000 (19:02 +0200)