Commit ce4e3d8a authored by Robert Lyon's avatar Robert Lyon
Browse files

Bug 1802205: All external links to be opened in new tab/window by default



Except for those that have 'target="_self"'

And also have any internal links with 'target="_blank"' to open
externally

Open them in safe noopener way

behatnotneeded

Change-Id: I445034bb2fd2e039c9380dc7a1b29382542e7100
Signed-off-by: Robert Lyon's avatarRobert Lyon <robertl@catalyst.net.nz>
parent bd699964
......@@ -1070,18 +1070,21 @@ Number.isInteger = Number.isInteger || function(value) {
* Replace target=_blank with JS opener for security reasons
*/
jQuery(function($) {
$("a[target='_blank']").each(function() {
var link = $(this);
link.removeAttr('target');
link.off('click');
link.on('click', function(e) {
e.stopPropagation();
e.preventDefault();
var newWnd = window;
newWnd.opener = null;
newWnd.open(link.prop('href'), '_blank');
});
$("a").each(function() {
var url = $(this).attr('href');
if ($(this).attr('target') == '_blank' || (url.match("^http") && !url.match(config.wwwroot) && $(this).attr('target') != '_self')) {
var link = $(this);
link.removeAttr('target');
link.off('click');
link.on('click', function(e) {
e.stopPropagation();
e.preventDefault();
var newWnd = window;
newWnd.opener = null;
newWnd.open(link.prop('href'), '_blank');
});
}
});
});
......
......@@ -133,6 +133,7 @@ $string['sortorder'] = 'Sort order of files';
$string['All'] = 'All';
$string['Allinstitutions'] = 'All institutions';
$string['none'] = 'None';
$string['samepage'] = 'Same page';
$string['selectall'] = 'Select all';
$string['selectnone'] = 'Select none';
......
......@@ -329,7 +329,7 @@ EOF;
toolbar: {$toolbar[0]},
EOF;
}
$samepage = get_string('samepage', 'mahara');
$headers[] = <<<EOF
<script>
tinyMCE.init({
......@@ -342,7 +342,7 @@ tinyMCE.init({
+ ",script[src,type,language]"
+ ",ul[id|type|compact]"
+ ",iframe[src|width|height|name|scrolling|frameborder|allowfullscreen|webkitallowfullscreen|mozallowfullscreen|longdesc|marginheight|marginwidth|align|title|class|type]"
+ ",a[id|class|title|href|name]"
+ ",a[id|class|title|href|name|target]"
+ ",button[id|class|title]"
,urlconverter_callback : "custom_urlconvert",
language: '{$language}',
......@@ -351,7 +351,11 @@ tinyMCE.init({
font_formats: 'Andale Mono=andale mono,times;Arial=arial,helvetica,sans-serif;Arial Black=arial black,avant garde;Book Antiqua=book antiqua,palatino;Comic Sans MS=comic sans ms,sans-serif;Courier New=courier new,courier;Georgia=georgia,palatino;Helvetica=helvetica;Impact=impact,chicago;Open Sans=Open Sans;Symbol=symbol;Tahoma=tahoma,arial,helvetica,sans-serif;Terminal=terminal,monaco;Times New Roman=times new roman,times;Trebuchet MS=trebuchet ms,geneva;Verdana=verdana,geneva;Webdings=webdings;Wingdings=wingdings,zapf dingbats;',
remove_script_host: false,
relative_urls: false,
target_list: false,
target_list: [
{title: 'None', value: ''},
{title: "{$samepage}", value: '_self'}, // This one is not translated in tinymce lang files
{title: 'New window', value: '_blank'}
],
link_list: function(success) {
// Only show the list of links in the normal user section
if ({$inpersonalarea}) {
......@@ -3826,6 +3830,7 @@ function clean_html($text, $xhtml=false) {
}
if ($def = $config->maybeGetRawHTMLDefinition()) {
$def->addAttribute('a', 'target', 'Enum#_blank,_self');
# Allow iframes with custom attributes such as fullscreen
# This overrides lib/htmlpurifier/HTMLPurifier/HTMLModule/Iframe.php
$def->addElement(
......
......@@ -34,4 +34,6 @@ Scenario:
And I should see images within the block "Some HTML"
And I follow "mahara manual"
And I wait "2" seconds
And I switch to the new window
Then I should see "This is the user manual for Mahara"
And I switch to the main window
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment