+18Hello
I have a Workspace App in dev phase.
Since I cannot embed a HTML page by design or make use of dynamic user parameters to retrieve an event ID for now, I went with the idea of using a URL / Link within the description box, (Markdown style).
URL points to SP Online
I’d like to implement target=”blank”.
[link](url){:target="_blank"} (Kramdown)
Is this possible?
Thanks
Sameer
Best answer by siennaatsafe
Hi @hkingsbury and @sameer,
I checked in with our development team regarding this.
We use the Marked library to render our markdown: https://marked.js.org/
The team mentioned that we intentionally strip tags like this to mitigate a vulnerability outlined here: https://developer.chrome.com/docs/lighthouse/best-practices/external-anchors-use-rel-noopener.
Because of this, it appears that enabling this functionality isn’t possible at the moment.
+63It appears that the markdown engine FME Flow is using doesn’t support that, it also strips the target from standard HTML
<a href="https://google.com" target="_blank">Opens in new tab</a>
I think it would be worth opening an idea to allow for links to be opened in new tabs/windows
+18It appears that the markdown engine FME Flow is using doesn’t support that, it also strips the target from standard HTML
<a href="https://google.com" target="_blank">Opens in new tab</a>
I think it would be worth opening an idea to allow for links to be opened in new tabs/windows
I also tried a href as well and it failed.
I’ll submit my request as an idea.
How do I find the version of Markdown FME is running on as I could not locate this information?
+63Some one at Safe will be able to find that out -
Just linking your idea as well -
+12Hi @hkingsbury and @sameer,
I checked in with our development team regarding this.
We use the Marked library to render our markdown: https://marked.js.org/
The team mentioned that we intentionally strip tags like this to mitigate a vulnerability outlined here: https://developer.chrome.com/docs/lighthouse/best-practices/external-anchors-use-rel-noopener.
Because of this, it appears that enabling this functionality isn’t possible at the moment.
+18Hello
I understand however, rel="noopener" or rel="noreferrer" would always be added in my code.
This vulnerability has been patched with latest versions of Chromium (version 88+ released Jan 2021). I believe “window.opener” was the culprit.
In my case, I’d use:
<a href="https://www.awebpage.com/" target="_blank" rel="noopener noreferrer">A Web Page</a>
I don’t think this is now a security risk unless the target is unsafe in the first instance.
