From 7c655652d42e7d40539cc64ad4abf44bf6d98663 Mon Sep 17 00:00:00 2001
From: Joenio Costa
Date: Thu, 16 Apr 2009 19:43:41 -0300
Subject: [PATCH] not sanitize target attribute from tag
---
 config/environment.rb | 2 +-
 test/unit/tiny_mce_article_test.rb | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/config/environment.rb b/config/environment.rb
index df68b36..d74a061 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -78,7 +78,7 @@ Rails::Initializer.run do |config|
 }
 # Adds custom attributes to the Set of allowed html attributes for the #sanitize helper
- config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style'
+ config.action_view.sanitized_allowed_attributes = 'align', 'border', 'alt', 'vspace', 'hspace', 'width', 'heigth', 'value', 'type', 'data', 'style', 'target'
 # Adds custom tags to the Set of allowed html tags for the #sanitize helper
 config.action_view.sanitized_allowed_tags = 'object', 'embed', 'param'
diff --git a/test/unit/tiny_mce_article_test.rb b/test/unit/tiny_mce_article_test.rb
index 6c1933a..c32534f 100644
--- a/test/unit/tiny_mce_article_test.rb
+++ b/test/unit/tiny_mce_article_test.rb
@@ -26,4 +26,10 @@ class TinyMceArticleTest < Test::Unit::TestCase
 assert_includes Article.find_by_contents('article'), tma
 end
+ should 'not sanitize target attribute' do
+ ze = create_user('zezinho').person
+ article = TinyMceArticle.create!(:name => 'open link in new window', :body => "open link in new window", :profile => ze)
+ assert_tag_in_string article.body, :tag => 'a', :attributes => {:target => '_blank'}
+ end
+
 end
--
libgit2 0.21.2
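Review bot: Adding `'target'` to `sanitized_allowed_attributes` lets user-authored markup carry `target="_blank"` (or any frame name) through `sanitize`, and nothing visible in this hunk ensures those links also get `rel="noopener noreferrer"`. Without that, the page opened in the new window can reach back through `window.opener` and navigate the originating tab. `rel` is not in the list assigned here, so authors presumably cannot supply it themselves, though the defaults this setting adds to are not visible. I would record the obligation next to the setting, e.g. `# 'target' is user-controlled: rendered links must get rel="noopener noreferrer"`, and enforce it where article bodies are rendered. The enclosing `Rails::Initializer.run` block starts and ends outside the hunk.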
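Review bot: The new test in `tiny_mce_article_test.rb` pins only the permissive side: it checks that `target` survives, but not that the sanitizer still strips anything else from the same tag. As shown, the `:body` string contains no `<a>` element at all, so `assert_tag_in_string` could not match; that markup may have been lost when the page was rendered, so this needs confirming against the repository. I would give the body an anchor that also carries an event-handler attribute and add `assert_no_match(/onclick/, article.body)`, so that widening the allowlist cannot mask a sanitizer regression. The test class closes with the final `end` in this hunk but starts outside it.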