From 3c24a39108b8e6b0c6ce74adfdb2ada97e1d948d Mon Sep 17 00:00:00 2001 From: skodak Date: Wed, 24 Sep 2008 21:39:47 +0000 Subject: [PATCH] MDL-15810 whitelist _blank target in htmlpurifier cleaning; merged from MOODLE_19_STABLE --- lib/weblib.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/weblib.php b/lib/weblib.php index 656a382c98..33083fbd52 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -1886,6 +1886,7 @@ function purify_html($text) { $config->set('HTML', 'Doctype', 'XHTML 1.0 Transitional'); $config->set('Cache', 'SerializerPath', $cachedir); $config->set('URI', 'AllowedSchemes', array('http'=>1, 'https'=>1, 'ftp'=>1, 'irc'=>1, 'nntp'=>1, 'news'=>1, 'rtsp'=>1, 'teamspeak'=>1, 'gopher'=>1, 'mms'=>1)); + $config->set('Attr', 'AllowedFrameTargets', array('_blank')); $purifier = new HTMLPurifier($config); } return $purifier->purify($text); -- 2.39.5