mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-11-22 13:44:47 +08:00
WYSIWYG descriptions: Allowed anchor target attrs
Allowed since this is a control in the editor UI, but would previously be stripped by editor config & server-side filtering. For #4925
This commit is contained in:
parent
a33dbcb04a
commit
19f78dbe6c
|
@ -20,7 +20,7 @@ class HtmlDescriptionFilter
|
|||
*/
|
||||
protected static array $allowedAttrsByElements = [
|
||||
'p' => [],
|
||||
'a' => ['href', 'title'],
|
||||
'a' => ['href', 'title', 'target'],
|
||||
'ol' => [],
|
||||
'ul' => [],
|
||||
'li' => [],
|
||||
|
|
|
@ -348,7 +348,7 @@ export function buildForInput(options) {
|
|||
toolbar: 'bold italic link bullist numlist',
|
||||
content_style: getContentStyle(options),
|
||||
file_picker_types: 'file',
|
||||
valid_elements: 'p,a[href|title],ol,ul,li,strong,em,br',
|
||||
valid_elements: 'p,a[href|title|target],ol,ul,li,strong,em,br',
|
||||
file_picker_callback: filePickerCallback,
|
||||
init_instance_callback(editor) {
|
||||
addCustomHeadContent(editor.getDoc());
|
||||
|
|
|
@ -266,8 +266,8 @@ class BookTest extends TestCase
|
|||
{
|
||||
$book = $this->entities->book();
|
||||
|
||||
$input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" data-a="b">a</a><section>Hello</section></p>';
|
||||
$expected = '<p>Content<a href="#cat">a</a></p>';
|
||||
$input = '<h1>Test</h1><p id="abc" href="beans">Content<a href="#cat" target="_blank" data-a="b">a</a><section>Hello</section></p>';
|
||||
$expected = '<p>Content<a href="#cat" target="_blank">a</a></p>';
|
||||
|
||||
$this->asEditor()->put($book->getUrl(), [
|
||||
'name' => $book->name,
|
||||
|
|
Loading…
Reference in New Issue
Block a user