Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Welcome to the CollectiveAccess support forum! Here the developers and community answer questions related to use of the software. Please include the following information in every new issue posted here:

  1. Version of the software that is used, along with browser and version

  2. If the issue pertains to Providence, Pawtucket or both

  3. What steps you’ve taken to try to resolve the issue

  4. Screenshots demonstrating the issue

  5. The relevant sections of your installation profile or configuration including the codes and settings defined for your local elements.


If your question pertains to data import or export, please also include:

  1. Data sample

  2. Your mapping


Answers may be delayed for posts that do not include sufficient information.

Target="_blank" in richeditor are removed

Hello,
I'm having a strange behavior (CA 1.7.6) on a texarea which is configured with a rich editor (I think it's TinyMce); hyperlink with the options target="_blank" is parsed and when saving the object the target has been removed, making the link opening always in the same window.
Is it possible to change this parsing? Or at least to skip the "target" tag?
Does someone know where this code is located?
Many thanks in advance!
Cheers,
Paulo

Comments

  • Hi Paulo7,

    I have the same problem as you. I suspect the library HTMLpurifier to remove this.
    This library is in /vendor/ezyang/htmlpurifier/
    According to the documentation, it seems that we can change parameters related to the "target" attribute, by changing these files:

    /vendor/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/Attr.AllowedFrameTargets.txt

    /vendor/ezyang/htmlpurifier/library/HTMLPurifier/ConfigSchema/schema/HTML.TargetBlank.txt

    I tried some changes (like changing "FALSE" to "TRUE"), but without success...
    Cheers,
    Clovis.

  • You can also try setting purify_all_text_input=0 in app.conf.

  • Thank you Seth, it works!

  • Keep in mind that with that option set no filtering is done. You can put any content in fields, which in some contexts might be considered a security issue

  • Hi Seth, it works! Thank you!

  • Dear @seth,
    Yes this presents a risk if someone put a malicious script in a field, but this should concern only people that have a grant access to Providence (like curators...).

    Is there any issue from someone else that we could imagine?

    For example, the "tags/comments" accessible from everyone in Pawtucket, is it always filtered even if we disable this functionality in Providence?

    Thank you.

Sign In or Register to comment.