WYSIWYG descriptions: Allowed anchor target attrs

Allowed since this is a control in the editor UI, but would previously
be stripped by editor config & server-side filtering.
For #4925

app/Util/HtmlDescriptionFilter.php

@@ -20,7 +20,7 @@ class HtmlDescriptionFilter
      */
     protected static array $allowedAttrsByElements = [
         'p' => [],
-        'a' => ['href', 'title'],
+        'a' => ['href', 'title', 'target'],
         'ol' => [],
         'ul' => [],
         'li' => [],

resources/js/wysiwyg/config.js

@@ -348,7 +348,7 @@ export function buildForInput(options) {
         toolbar: 'bold italic link bullist numlist',
         content_style: getContentStyle(options),
         file_picker_types: 'file',
-        valid_elements: 'p,a[href|title],ol,ul,li,strong,em,br',
+        valid_elements: 'p,a[href|title|target],ol,ul,li,strong,em,br',
         file_picker_callback: filePickerCallback,
         init_instance_callback(editor) {
             addCustomHeadContent(editor.getDoc());

tests/Entity/BookTest.php

@@ -266,8 +266,8 @@ class BookTest extends TestCase
     {
         $book = $this->entities->book();
 
-        $input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" data-a="b">a</a><section>Hello</section></p>';
+        $input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" target="_blank" data-a="b">a</a><section>Hello</section></p>';
-        $expected = '<p>Content<a href="#cat">a</a></p>';
+        $expected = '<p>Content<a href="#cat" target="_blank">a</a></p>';
 
         $this->asEditor()->put($book->getUrl(), [
             'name' => $book->name,