Make WordPress Core

Opened 15 years ago

Last modified 3 days ago

#12056 new enhancement

target="_blank" being stripped from Profile Bio and Category Description

Reported by: lovewpmu's profile lovewpmu Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 2.9.2
Component: Formatting Keywords: gsoc kses has-patch dev-feedback needs-testing-info needs-unit-tests
Focuses: Cc:

Description

Many apologies if this is a duplicate. I have searched but did not find it yet posted.

I noticed that target="_blank" is being stripped from my "a href" tags my profile "Biographical Info" field even though the "a href" with the URL and closing tag still remain. It happens every time I save my profile.

This was independently verified.

It is a regular wordpress install running 2.9.1 (not wordpressmu, etc.).

My original thread can be found here:
http://wordpress.org/support/topic/355388?replies=1

Attachments (1)

12056.diff (324 bytes) - added by nofearinc 11 years ago.
sample target addition to $allowedtags

Download all attachments as: .zip

Change History (29)

#1 @miqrogroove
15 years ago

The target attribute is still valid as of XHTML 1.0 Transitional, but you will probably have to use onclick instead. Probably neither are allowed to non-administrators.

#2 @lovewpmu
15 years ago

there is no reason why someone who is filling out their bio with links to the relevant online info should need to code in javascript. in fact, most people using wordpress -- ie. the common user -- probably cannot. i believe the links on the HTML generated for posts, _blank is used for the "Open in New Window" option.

this should be standardized and completely independent from whether one is or is not an administrator.

#3 @miqrogroove
15 years ago

It does seem to be using the same filters for admins. That's a bit surprising.

#4 @miqrogroove
15 years ago

It's set up as a default filter for pre_user_description so you could override that with a plugin.

You might have a case for enabling unfiltered bios for administrators, but beyond that I think the "it's allowed in posts" argument isn't going to fly. WordPress explicitly filters bios the same way as comments instead of posts.

#5 @nacin
15 years ago

  • Milestone changed from 2.9.2 to Future Release

#6 @bsutcliffe
14 years ago

  • Cc bsutcliffe added
  • Keywords html strip profile bio category description link target added
  • Summary changed from target="_blank" being stripped from Profile Bio to target="_blank" being stripped from Profile Bio and Category Description
  • Version set to 2.9.2

This also occurs in category descriptions. If I add a link to one of my category descriptions and specify target="_blank", the target reference gets stripped out when saving. Unlike bios, this filter definitely should not be applied.

#7 @bsutcliffe
14 years ago

  • Cc bsutcliffe removed
  • Keywords html strip profile bio category description link target removed

#8 @wojtek.szkutnik
14 years ago

  • Keywords gsoc added

#9 @sjefen6
13 years ago

Images, lists and class specifications are also being stripped away from category descriptions. What is the reasoning for being so strict with category descriptions?

@nofearinc
11 years ago

sample target addition to $allowedtags

#10 @nofearinc
11 years ago

Adding the target to the anchor array of $allowedtags would solve that globally in kses.php after the default filters are applied in default-filters.php, but I guess there might be a security risk with adding a frame target to external location? I've uploaded a sample proof of concept above.

Not sure if there is a way to globally allow a given value for an attribute in $allowedtags.

#11 @nacin
11 years ago

  • Component changed from General to Formatting
  • Type changed from defect (bug) to enhancement

This is "intentional" but we may be able to fix this now. kses can now make changes based on a particular filter. Otherwise changing $allowedtags would open this up for comments.

#12 @miqrogroove
10 years ago

  • Keywords kses added

#13 @harmr
8 years ago

+1 for enabling href/target by default for $allowedtags

#14 @blogitsolutions
7 years ago

+1 for enabling _blank (ticket is now 8 years old)

Last edited 7 years ago by blogitsolutions (previous) (diff)

#15 @spacedmonkey
7 years ago

  • Keywords has-patch dev-feedback added
  • Milestone changed from Future Release to 5.0

#16 @stefahn
7 years ago

+1 for letting us open links in the author bio in a new tab.

#17 @johnbillion
6 years ago

  • Milestone changed from 5.0 to Future Release

#18 @ctrlaltdelete
6 years ago

Awesome.

Last edited 6 years ago by ctrlaltdelete (previous) (diff)

#19 @arvindwp
5 years ago

Not yet resolved? facing same issue. Author social bio should not cause visitor to mve away from website. Any fix?

#20 @nofearinc
5 years ago

Just tested my 2013 patch above and it still works here. Once applied, you can save target="_blank" to your bio and it no longer gets stripped.

#21 @stefahn
5 years ago

Who will merge this patch into master?

This ticket was mentioned in PR #6866 on WordPress/wordpress-develop by @nirajgirixd.


4 months ago
#22

## Description

This PR ensures that target="_blank" is preserved in the Biographical Info and Category Description fields to maintain the intended link behavior.

## Changes Made

  • Add target attribute for anchor tag in $allowedtags in wp-includes/kses.php.

## Trac ticket: https://core.trac.wordpress.org/ticket/12056

@martin.krcho commented on PR #6866:


4 months ago
#23

This change will affect the behaviour of all kses_* functions. I am not sure if that is desired.

@nirajgirixd commented on PR #6866:


3 months ago
#24

@martinkrcho You are right; changing the $allowedtags would indeed affect the behaviour of all kses_* functions, which might not be ideal. I will look for an alternative solution.

@nirajgirixd commented on PR #6866:


4 days ago
#25

@martinkrcho Could you please take a look at the PR and let me know if the new changes are satisfactory?

@martin.krcho commented on PR #6866:


4 days ago
#26

@nirajgiriXD I prefer this approach to the previous one. It affects only a limited number of filters.

Would you be able to provide unit tests or provide instructions for manual testing (in the Trac ticket)?

#27 @martin.krcho
4 days ago

  • Keywords needs-testing-info needs-unit-tests added

@nirajgirixd commented on PR #6866:


3 days ago
#28

@martinkrcho I've added the testing instructions along with some screenshots to the PR description.

Note: See TracTickets for help on using tickets.