This PR adds a target attribute to the m-link element.
This also necessitated restricting the href values that can be used because with the inclusion of _self as a target URLs such as javascript:alert('foo'); would run in the current window and be trivially exploitable.
What kind of changes does your PR introduce? (check at least one)
[x] Feature
Does your PR introduce a breaking change? (check one)
[x] Yes
If yes, please describe its impact and migration path for existing applications:
Minor: Using a href such as javascript:alert('foo'); would previously have opened a new tab and run that script. Now the link will not open.
This PR adds a
targetattribute to them-linkelement.This also necessitated restricting the
hrefvalues that can be used because with the inclusion of_selfas atargetURLs such asjavascript:alert('foo');would run in the current window and be trivially exploitable.What kind of changes does your PR introduce? (check at least one)
Does your PR introduce a breaking change? (check one)
If yes, please describe its impact and migration path for existing applications:
Minor: Using a
hrefsuch asjavascript:alert('foo');would previously have opened a new tab and run that script. Now the link will not open.Does your PR fulfill the following requirements?