Closed dhuuthang closed 8 months ago
Hi @dhuuthang
the code example which you are showing here should be considered as hack or at least as tricky workaround and is not covered by the scope of this plugin. There is a note in the settings of this plugin that opening a custom link within a new tab is technically impossible. This restriction is set by Moodle's Navigation API, not by the plugin.
The fact that your hack is possible at all is based on my assumption that the admin knows what he is doing when he configures the custom nodes. And that, if you really want to build hacks, you should be able to do that. I don't have any plans to raise sanitation of the configuration, so if you want to keep the hack, then you are free to do that.
However, after MDL-58964 has landed in Moodle core, it would be possible to at least configure custom CSS classes for custom nodes. This is already used by the new collapsing mechanism. It would also be possible then to set a special CSS class and add a small JavaScript listener, opening the link in a new tab instead of the current window if this class is present.
The first thing is already in my Backlog and will be realized in the long run and I have just added your request to the backlog, too.
If you have time, don't hesitate to come up with a pull request.
Cheers, Alex
Hi Alex,
I'll keep using the hack for a while, as it's fairly simple to maintain and I only need it for a single node.
Thank you for creating this awesome plugin!
Cheers,
Huu Thang
On Fri, Sep 25, 2020, 18:05 Alexander Bias notifications@github.com wrote:
Hi @dhuuthang https://github.com/dhuuthang
the code example which you are showing here should be considered as hack or at least as tricky workaround and is not covered by the scope of this plugin. There is a note in the settings of this plugin that opening a custom link within a new tab is technically impossible. This restriction is set by Moodle's Navigation API, not by the plugin.
The fact that your hack is possible at all is based on my assumption that the admin knows what he is doing when he configures the custom nodes. And that, if you really want to build hacks, you should be able to do that. I don't have any plans to raise sanitation of the configuration, so if you want to keep the hack, then you are free to do that.
However, after MDL-58964 has landed in Moodle core, it would be possible to at least configure custom CSS classes for custom nodes. This is already used by the new collapsing mechanism. It would also be possible then to set a special CSS class and add a small JavaScript listener, opening the link in a new tab instead of the current window if this class is present.
The first thing is already in my Backlog and will be realized in the long run and I have just added your request to the backlog, too.
If you have time, don't hesitate to come up with a pull request.
Cheers, Alex
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/moodleuulm/moodle-local_boostnavigation/issues/67#issuecomment-698868153, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHFWBAXGPSZUFPRGKZSHD4DSHR2P7ANCNFSM4P2UJNQA .
I would like to add a small note that, if this feature is implemented, the rel="noopener noreferrer"
attributes should be added to the links which open new tabs.
This plugin has finally reached end of life now and will not be upgraded to Moodle 4.x.
I would like to invite you to have a look at our Moodle 4 theme theme_boost_union which supports several aspects of this plugin's feature set and is actively maintained and extended. Thank you for your understanding.
Against this background, I will close this issue.
Hi there,
As the default configuration does not allow a node to be opened in a new tab, instead of using this syntax:
After inspecting the HTML code, I tried to apply the principle of SQL injection to see whether it works or not, and indeed it does:
Notice the quotes I injected:
I suggest you could add an additional parameter at the end, specifying where the node should open, and sanitize user inputs before outputting to the browser. By default, it opens in the current tab.
Thank you!