Opened 13 years ago
Last modified 4 years ago
#12056 new enhancement
target="_blank" being stripped from Profile Bio and Category Description
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 2.9.2 |
Component: | Formatting | Keywords: | gsoc kses has-patch dev-feedback |
Focuses: | Cc: |
Description
Many apologies if this is a duplicate. I have searched but did not find it yet posted.
I noticed that target="_blank" is being stripped from my "a href" tags my profile "Biographical Info" field even though the "a href" with the URL and closing tag still remain. It happens every time I save my profile.
This was independently verified.
It is a regular wordpress install running 2.9.1 (not wordpressmu, etc.).
My original thread can be found here:
http://wordpress.org/support/topic/355388?replies=1
Attachments (1)
Change History (22)
#2
@
13 years ago
there is no reason why someone who is filling out their bio with links to the relevant online info should need to code in javascript. in fact, most people using wordpress -- ie. the common user -- probably cannot. i believe the links on the HTML generated for posts, _blank is used for the "Open in New Window" option.
this should be standardized and completely independent from whether one is or is not an administrator.
#4
@
13 years ago
It's set up as a default filter for pre_user_description so you could override that with a plugin.
You might have a case for enabling unfiltered bios for administrators, but beyond that I think the "it's allowed in posts" argument isn't going to fly. WordPress explicitly filters bios the same way as comments instead of posts.
#6
@
13 years ago
- Cc bsutcliffe added
- Keywords html strip profile bio category description link target added
- Summary changed from target="_blank" being stripped from Profile Bio to target="_blank" being stripped from Profile Bio and Category Description
- Version set to 2.9.2
This also occurs in category descriptions. If I add a link to one of my category descriptions and specify target="_blank"
, the target reference gets stripped out when saving. Unlike bios, this filter definitely should not be applied.
#7
@
13 years ago
- Cc bsutcliffe removed
- Keywords html strip profile bio category description link target removed
#9
@
12 years ago
Images, lists and class specifications are also being stripped away from category descriptions. What is the reasoning for being so strict with category descriptions?
#10
@
9 years ago
Adding the target to the anchor array of $allowedtags
would solve that globally in kses.php after the default filters are applied in default-filters.php, but I guess there might be a security risk with adding a frame target to external location? I've uploaded a sample proof of concept above.
Not sure if there is a way to globally allow a given value for an attribute in $allowedtags
.
#11
@
9 years ago
- Component changed from General to Formatting
- Type changed from defect (bug) to enhancement
This is "intentional" but we may be able to fix this now. kses can now make changes based on a particular filter. Otherwise changing $allowedtags would open this up for comments.
#15
@
6 years ago
- Keywords has-patch dev-feedback added
- Milestone changed from Future Release to 5.0
#19
@
4 years ago
Not yet resolved? facing same issue. Author social bio should not cause visitor to mve away from website. Any fix?
The target attribute is still valid as of XHTML 1.0 Transitional, but you will probably have to use onclick instead. Probably neither are allowed to non-administrators.