From ba4d5480583f91c5d92e1117a21997c0239f6a21 Mon Sep 17 00:00:00 2001
From: Koosha Khajeh Moogahi <koosha.khajeh@gmail.com>
Date: Tue, 26 Jun 2012 19:02:41 +0200
Subject: Bug 635882: html_light_quote() should accept the "target" attribute
 for links r/a=LpSolit

---
 Bugzilla/Util.pm | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'Bugzilla/Util.pm')

diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 9e2e1fecd..810c6972f 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -136,12 +136,13 @@ sub html_light_quote {
         # Specific rules for allowed elements. If no specific rule is set
         # for a given element, then the default is used.
         my @rules = (a => {
-                           href  => $protocol_regexp,
-                           title => 1,
-                           id    => 1,
-                           name  => 1,
-                           class => 1,
-                           '*'   => 0, # Reject all other attributes.
+                           href   => $protocol_regexp,
+                           target => qr{^(?:_blank|_parent|_self|_top)$}i,
+                           title  => 1,
+                           id     => 1,
+                           name   => 1,
+                           class  => 1,
+                           '*'    => 0, # Reject all other attributes.
                           },
                      blockquote => {
                                     cite => $protocol_regexp,
-- 
cgit v1.2.3-24-g4f1b