diff --git a/app/Util/ConfiguredHtmlPurifier.php b/app/Util/ConfiguredHtmlPurifier.php
index ab23333882a..1f2528e7155 100644
--- a/app/Util/ConfiguredHtmlPurifier.php
+++ b/app/Util/ConfiguredHtmlPurifier.php
@@ -71,6 +71,8 @@ protected function setConfig(HTMLPurifier_Config $config, string $cachePath): vo
 $config->set('Core.AllowHostnameUnderscore', true);
 $config->set('CSS.AllowTricky', true);
 $config->set('HTML.SafeIframe', true);
+ $config->set('HTML.TargetNoopener', false);
+ $config->set('HTML.TargetNoreferrer', false);
 $config->set('Attr.EnableID', true);
 $config->set('Attr.ID.HTML5', true);
 $config->set('Output.FixInnerHTML', false);
@@ -141,6 +143,12 @@ public function configureDefinition(HTMLPurifier_HTMLDefinition $definition): vo
 'drawio-diagram',
 'Number',
 );
+
+ // Allow target="_blank" on links
+ $definition->addAttribute('a', 'target', 'Enum#_blank');
+
+ // Allow mention-ids on links
+ $definition->addAttribute('a', 'data-mention-user-id', 'Number');
 }
 public function purify(string $html): string
diff --git a/tests/Entity/PageContentFilteringTest.php b/tests/Entity/PageContentFilteringTest.php
index 4f77e063369..449189a898c 100644
--- a/tests/Entity/PageContentFilteringTest.php
+++ b/tests/Entity/PageContentFilteringTest.php
@@ -478,4 +478,25 @@ public function test_allow_list_style_filtering()
 $resp->assertSee($expected, false);
 }
 }
+
+ public function test_allow_list_does_not_filter_cases()
+ {
+ $testCasesExpectedByInput = [
+ '
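Review bot: The two added `$config->set(..., false)` lines in setConfig() switch off HTMLPurifier's automatic `rel="noopener"` and `rel="noreferrer"` on links that carry a target, and the configureDefinition() hunk in this same file then allow-lists `target="_blank"` on `a`, so purified user content can open new tabs with neither protection applied by the server. Current browsers treat `_blank` as noopener by default, but older ones expose `window.opener` to the opened page, and without noreferrer the page URL is sent as referrer unless a Referrer-Policy set elsewhere restricts it. Unless there is a reason that is not visible here (presumably keeping stored HTML unchanged when it is purified again), I would keep noopener on by leaving `HTML.TargetNoopener` at its default, or at least add a comment such as `// rel is not forced here; relies on the browser's default noopener for target=_blank`. Both function bodies continue outside the hunks.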
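Review bot: `data-mention-user-id` is allow-listed on `a` with the `Number` type in configureDefinition(), which limits the value's format but not which user it names, so anyone who can edit content can set it to any id. The comment above it should say so, for example `// Allow mention-ids on links; the value is author-supplied, consumers must check it server-side`. How the id is consumed (notifications, rendering) is not visible in this diff, so this is a documentation request rather than a confirmed defect.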
', + '', + 'Mydetailshere