From b5010f9f54ae2d32cf1c86e7b7129aa2d6633053 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 4 Nov 2014 17:12:00 -0500
Subject: Whitelist the "target" link attribute in the XSS filter

---
 src/main/java/com/gitblit/utils/JSoupXssFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/main/java/com/gitblit/utils/JSoupXssFilter.java b/src/main/java/com/gitblit/utils/JSoupXssFilter.java
index b5ac59f6..aec22411 100644
--- a/src/main/java/com/gitblit/utils/JSoupXssFilter.java
+++ b/src/main/java/com/gitblit/utils/JSoupXssFilter.java
@@ -73,7 +73,7 @@ public class JSoupXssFilter implements XssFilter {
                 "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "u",
                 "ul", "var")
 
-        .addAttributes("a", "class", "href", "style", "title")
+        .addAttributes("a", "class", "href", "style", "target", "title")
         .addAttributes("blockquote", "cite")
         .addAttributes("col", "span", "width")
         .addAttributes("colgroup", "span", "width")
-- 
cgit v1.2.3