Permalink
Browse files

MDL-15810 whitelist _blank target in htmlpurifier cleaning

  • Loading branch information...
1 parent 1faa5a4 commit e6613a931c84acbdfbab39c5832a8e1388caa4d3 skodak committed Sep 24, 2008
Showing with 1 addition and 0 deletions.
  1. +1 −0 lib/weblib.php
View
@@ -2010,6 +2010,7 @@ function purify_html($text) {
$config->set('HTML', 'Doctype', 'XHTML 1.0 Transitional');
$config->set('Cache', 'SerializerPath', $cachedir);
$config->set('URI', 'AllowedSchemes', array('http'=>1, 'https'=>1, 'ftp'=>1, 'irc'=>1, 'nntp'=>1, 'news'=>1, 'rtsp'=>1, 'teamspeak'=>1, 'gopher'=>1, 'mms'=>1));
+ $config->set('Attr', 'AllowedFrameTargets', array('_blank'));
$purifier = new HTMLPurifier($config);
}
return $purifier->purify($text);

0 comments on commit e6613a9

Please sign in to comment.