HTML purifier filters "target" atribute

My journal configs allows anchors as follows: “a[href|target]” but only href works (target is filtered).

This post talks about similar issue: HTML tag allowed

I’m unsure if is just me using a wrong syntax (I tried some variations… and the funny part is that href works as expected) or is an real issue related with the htmlpurifier update.

As far as I understand, htmlpurifier changed the way it deals with target attributes:
http://htmlpurifier.org/phorum/read.php?3,7023

And now, this setting we need to be explicit:
$config->set('HTML.TargetBlank', true);

Is somebody in the same situation?

Cheers,
m.

1 Like

Hi @marc,

Yes, I believe you’ll need to add that to lib/pkp/classes/core/String.inc.php in the stripUnsafeHtml function. The target attribute, if I recall, is not technically valid XHTML – so just adding it to the allowed attribute list isn’t sufficient. You also need to tell the HTML Purifier library not to worry overmuch about validity.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

I’m not really very concerned about this. Just wondering if it’s a common issue and if make sense to fix it for everybody.

A perfect solution would be a config variable, but meanwhile I think I can offer myself to make a patch to allow targets in ojs by default.

Take care,
m.

Hi @marc,

The trouble with this solution is that it works, but it’s technically invalid XHTML. For future releases (OMP / OJS 3.0) we’ve moved away from XHTML and the existing configuration variable should be sufficient. For now I’d suggest maintaining a local modification.

Regards,
Alec Smecher
Public Knowledge Project Team

1 Like