This PR adds a target attribute to the m-link element.
This also necessitated restricting the href values that can be used because with the inclusion of _self as a target URLs such as javascript:alert('foo'); would run in the current window and be trivially exploitable.
What kind of changes does your PR introduce? (check at least one)
[x] Feature
Does your PR introduce a breaking change? (check one)
[x] Yes
If yes, please describe its impact and migration path for existing applications:
Minor: Using a href such as javascript:alert('foo'); would previously have opened a new tab and run that script. Now the link will not open.
This PR adds a
target
attribute to them-link
element.This also necessitated restricting the
href
values that can be used because with the inclusion of_self
as atarget
URLs such asjavascript:alert('foo');
would run in the current window and be trivially exploitable.What kind of changes does your PR introduce? (check at least one)
Does your PR introduce a breaking change? (check one)
If yes, please describe its impact and migration path for existing applications:
Minor: Using a
href
such asjavascript:alert('foo');
would previously have opened a new tab and run that script. Now the link will not open.Does your PR fulfill the following requirements?