[Building Sakai] big problem with HTML filtering in 2.7

Matthew Jones jonespm at umich.edu
Thu Jul 22 06:16:53 PDT 2010


There was a discussion a few years ago on a bug request for Drupal, which
has the default of not opening a new window. They considered it bad UI and
a violation of XHTML strict [1], among other things, so there are no blanks
appended. However, the big argument for it was that if you didn't have links
open new windows, work could potentially get lost. For instance if someone
is typing something, or filling out a form element and they click a link
which opens in the same frame, they (likely) lose all of their work. There's
also the issue of excluding some targets such as "_top" and "_parent".

I think that more links should just have the option of opening into a
fancybox [2] (or comparable js dialog box), then we wouldn't have these
issues. Then if you used this, you could create a link within the UI that,
when clicked on, opens a new window if the user chose to. That way the user
is in control.

Anyway, this perhaps is a big feature. In the short term defaulting to
_blank if left unset (current behavior), and restricting _top and _parent
but allowing others might be the easiest fix for KNL-526? Someone would need
to explicitly use target=_self to open in the current iframe. Perhaps the
system default could be toggled via property. (Either _blank default or
_self default if left blank)

[1] http://drupal.org/node/59430
[2] http://fancybox.net/

On Thu, Jul 22, 2010 at 8:37 AM, Adam Marshall
<adam.marshall at oucs.ox.ac.uk> wrote:

> http://jira.sakaiproject.org/browse/SAK-18571
>
> In 2.7 we find that EVERY <a href> tag in the HTML site description has
> target="_blank" inserted which amongst other things makes adding an index
> to the home page impossible.
>
> I think the decision as to whether a hyperlink opens in a new window should
> be left to the page author and should not be automatically imposed without
> any possible way of overriding the setting.
>
> I think there's a strong case for not adding target="_blank" during the
> filtering process. I can't think of any security problems that the addition
> of this attribute solves.
>
> What's the community's feeling on this issue?
>
> adam
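The short-term policy proposed in the message above (default to _blank when target is unset, restrict _top and _parent, allow other values, default switchable by a property), written out as an added example; it is not Sakai's filter code. The names `LinkTargetFilter`, `apply_target_policy` and `default_target` are hypothetical, the input is assumed to be an already-sanitized HTML fragment, and replacing a restricted target with the default is an assumption.

```python
from html import escape
from html.parser import HTMLParser

# Targets that break out of the containing frame; the thread proposes restricting them.
BLOCKED_TARGETS = {"_top", "_parent"}


class LinkTargetFilter(HTMLParser):
    """Rewrites target= on <a href> links in an already-sanitized HTML fragment."""

    def __init__(self, default_target="_blank"):
        super().__init__(convert_charrefs=False)
        self.default_target = default_target  # hypothetical site-wide property
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag != "a" or not any(k == "href" for k, _ in attrs):
            self.out.append(self.get_starttag_text())  # not a link: pass through
            return
        target = next((v for k, v in attrs if k == "target"), None)
        # Target keywords are case-insensitive in browsers, so normalise first.
        if not target or target.strip().lower() in BLOCKED_TARGETS:
            target = self.default_target  # unset or restricted (assumed fallback)
        kept = [(k, v) for k, v in attrs if k != "target"] + [("target", target)]
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
            for k, v in kept)
        self.out.append(f"<a{rendered}>")

    def handle_startendtag(self, tag, attrs):
        if tag == "a":  # browsers treat <a .../> as an opening tag
            self.handle_starttag(tag, attrs)
        else:
            self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")


def apply_target_policy(fragment, default_target="_blank"):
    parser = LinkTargetFilter(default_target)
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

With this policy an in-page index link keeps working when the author writes target="_self" explicitly, or when the site default is switched to "_self".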