abias
commented
3 years ago Hi @dhuuthang
the code example which you are showing here should be considered as hack or at least as tricky workaround and is not covered by the scope of this plugin. There is a note in the settings of this plugin that opening a custom link within a new tab is technically impossible. This restriction is set by Moodle's Navigation API, not by the plugin.
The fact that your hack is possible at all is based on my assumption that the admin knows what he is doing when he configures the custom nodes. And that, if you really want to build hacks, you should be able to do that. I don't have any plans to raise sanitation of the configuration, so if you want to keep the hack, then you are free to do that.
However, after MDL-58964 has landed in Moodle core, it would be possible to at least configure custom CSS classes for custom nodes. This is already used by the new collapsing mechanism. It would also be possible then to set a special CSS class and add a small JavaScript listener, opening the link in a new tab instead of the current window if this class is present.
The first thing is already in my Backlog and will be realized in the long run and I have just added your request to the backlog, too.
If you have time, don't hesitate to come up with a pull request.
Cheers, Alex
dhuuthang
Hi there,
As the default configuration does not allow a node to be opened in a new tab, instead of using this syntax:
After inspecting the HTML code, I tried to apply the principle of SQL injection to see whether it works or not, and indeed it does:
Notice the quotes I injected:
I suggest you could add an additional parameter at the end, specifying where the node should open, and sanitize user inputs before outputting to the browser. By default, it opens in the current tab.
Thank you!