From 34bf3adc3350bbedad614ff90d98867b77ad629c Mon Sep 17 00:00:00 2001
From: bartbutenaers
Date: Wed, 13 Nov 2024 19:52:43 +0000
Subject: [PATCH] sanetize target attr fix
---
 ui/src/widgets/ui-text/UIText.vue | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ui/src/widgets/ui-text/UIText.vue b/ui/src/widgets/ui-text/UIText.vue
index 4ac61c583..0f615136a 100644
--- a/ui/src/widgets/ui-text/UIText.vue
+++ b/ui/src/widgets/ui-text/UIText.vue
@@ -24,8 +24,9 @@ export default {
 value: function () {
 const m = this.messages[this.id] || {}
 if (Object.prototype.hasOwnProperty.call(m, 'payload')) {
- // Sanetize the html to avoid XSS attacks
- return DOMPurify.sanitize(m.payload)
+ // Sanetize the html to avoid XSS attacks.
+ // The target attribute of a href attribute is allowed (for hyperlinks).
+ return DOMPurify.sanitize(m.payload, { ADD_ATTR: ['target'] })
 }
 return ''
 },
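Review bot: The new `DOMPurify.sanitize(m.payload, { ADD_ATTR: ['target'] })` call lets any link in the payload keep `target="_blank"` (or a named window or frame), but nothing in the new code adds `rel="noopener noreferrer"` to those links. On browsers that do not imply `noopener` for `_blank`, the opened page keeps a `window.opener` handle to the dashboard tab. I would register an `afterSanitizeAttributes` hook that sets `rel` on every element that kept a `target`. The hook belongs at module scope in the script section, outside this hunk, and it applies to every caller sharing the same DOMPurify instance, so check that no other widget depends on a different `rel` value. If hyperlinks only ever need a new tab, the same hook could also restrict `target` to `_blank`, and the new comment would be more accurate as `// Keep the target attribute on links so they can open in a new tab.`

```javascript
// module scope in UIText.vue's script section, registered once (outside this hunk)
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
    // any element that kept a target attribute must not expose window.opener
    if (typeof node.hasAttribute === 'function' && node.hasAttribute('target')) {
        node.setAttribute('rel', 'noopener noreferrer')
    }
})

// … unchanged: value() computed property and its sanitize call with ADD_ATTR …
```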