You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When creating a dashboard and using Markdown to create a hyperlink (<a>), the target attribute is stripped, even if explicitly included in the raw Markdown input. This prevents the ability to use target="_blank" to open links in a new tab, which is a common use case in dashboards.
Upon reviewing the source code, the issue seems to originate from the following function. The target attribute for <a> tags is not currently included in the safe_markdown_attrs, causing it to be stripped during the sanitization process.
Proposed Solution
Add the target attribute to the allowed attributes for <a> tags in the safe_markdown_attrs:
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Issue
When creating a dashboard and using Markdown to create a hyperlink (
<a>), thetargetattribute is stripped, even if explicitly included in the raw Markdown input. This prevents the ability to usetarget="_blank"to open links in a new tab, which is a common use case in dashboards.Upon reviewing the source code, the issue seems to originate from the following function. The
targetattribute for<a>tags is not currently included in thesafe_markdown_attrs, causing it to be stripped during the sanitization process.Proposed Solution
Add the
targetattribute to the allowed attributes for<a>tags in thesafe_markdown_attrs:Additionally, consider enforcing the use of
rel="noopener noreferrer"for security purposes whentarget="_blank"is used.Beta Was this translation helpful? Give feedback.
All reactions