Commit 97d5846a authored by Aaron Wells's avatar Aaron Wells

Remove "target" attribute from links in user-edited text

Bug 1558361: TinyMCE will filter them out on the editing
side, and HTMLPurifier will filter them out on the display
side.

behatnotneeded: Would require non-trivial new Behat step to
check whether links have "target" attribute.

Change-Id: If27462b2ca1a382ceeaadb374aade1f795f261bd
parent 3798c105
......@@ -2044,7 +2044,7 @@ function simple_resumefield_form($defaults, $goto, $options = array()) {
foreach ($simple_resume_types as $t) {
try {
$simple_resume_artefacts[$t] = artefact_instance_from_type($t);
$content = $simple_resume_artefacts[$t]->get('description');
$content = clean_html($simple_resume_artefacts[$t]->get('description'));
}
catch (Exception $e) {
$content = $defaults[$t]['default'];
......
......@@ -16,7 +16,7 @@ $config = new stdClass();
// See https://wiki.mahara.org/wiki/Developer_Area/Version_Numbering_Policy
// For upgrades on stable branches, increment the version by one. On master, use the date.
$config->version = 2014092333;
$config->version = 2014092334;
$config->series = '1.10';
$config->release = '1.10.9testing';
$config->minupgradefrom = 2009022600;
......
......@@ -194,13 +194,21 @@ EOF;
tinyMCE.init({
{$tinymceconfig}
schema: 'html4',
extended_valid_elements : "object[width|height|classid|codebase],param[name|value],embed[src|type|width|height|flashvars|wmode],script[src,type,language],+ul[id|type|compact],iframe[src|width|height|name|scrolling|frameborder|allowfullscreen|webkitallowfullscreen|mozallowfullscreen|longdesc|marginheight|marginwidth|align|title|class|type]",
urlconverter_callback : "custom_urlconvert",
extended_valid_elements:
"object[width|height|classid|codebase]"
+ ",param[name|value]"
+ ",embed[src|type|width|height|flashvars|wmode]"
+ ",script[src,type,language]"
+ ",ul[id|type|compact]"
+ ",iframe[src|width|height|name|scrolling|frameborder|allowfullscreen|webkitallowfullscreen|mozallowfullscreen|longdesc|marginheight|marginwidth|align|title|class|type]"
+ ",a[id|class|title|href|name]"
,urlconverter_callback : "custom_urlconvert",
language: '{$language}',
directionality: "{$tinymce_langdir}",
content_css : {$content_css},
remove_script_host: false,
relative_urls: false,
target_list: false,
{$extramceconfig}
setup: function(ed) {
ed.on('init', function(ed) {
......@@ -3303,7 +3311,6 @@ function clean_html($text, $xhtml=false) {
}
if ($def = $config->maybeGetRawHTMLDefinition()) {
$def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
# Allow iframes with custom attributes such as fullscreen
# This overrides lib/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
$def->addElement(
......@@ -3356,7 +3363,6 @@ function clean_html($text, $xhtml=false) {
'href' => 'URI',
'shape' => new HTMLPurifier_AttrDef_Enum(array('rect','circle','poly','default')),
'tabindex' => 'Number',
'target' => new HTMLPurifier_AttrDef_Enum(array('_blank','_self','_target','_top'))
)
);
$area->excludes = array('area' => true);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment