Whitelist the "target" link attribute in the XSS filter

author James Moger <james.moger@gitblit.com>

Tue, 4 Nov 2014 22:12:00 +0000 (17:12 -0500)

committer James Moger <james.moger@gitblit.com>

Tue, 4 Nov 2014 22:23:50 +0000 (17:23 -0500)
author James Moger <james.moger@gitblit.com>
Tue, 4 Nov 2014 22:12:00 +0000 (17:12 -0500)
committer James Moger <james.moger@gitblit.com>
Tue, 4 Nov 2014 22:23:50 +0000 (17:23 -0500)
diff --git a/src/main/java/com/gitblit/utils/JSoupXssFilter.java b/src/main/java/com/gitblit/utils/JSoupXssFilter.java

index 7fa7b2a1de610f5c45d0945cb5f8ac4025492d0d..5ab7953adffd52df5155726b525b86c01038f4e3 100644 (file)
--- a/src/main/java/com/gitblit/utils/JSoupXssFilter.java
+++ b/src/main/java/com/gitblit/utils/JSoupXssFilter.java
@@ -68,7 +68,7 @@ public class JSoupXssFilter implements XssFilter {
                  "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u",
                  "ul", "var")
  
-        .addAttributes("a", "class", "href", "style", "title")
+        .addAttributes("a", "class", "href", "style", "target", "title")
          .addAttributes("blockquote", "cite")
          .addAttributes("col", "span", "width")
          .addAttributes("colgroup", "span", "width")
author	James Moger <james.moger@gitblit.com>
	Tue, 4 Nov 2014 22:12:00 +0000 (17:12 -0500)
committer	James Moger <james.moger@gitblit.com>
	Tue, 4 Nov 2014 22:23:50 +0000 (17:23 -0500)