svnlabs / google-caja

Automatically exported from code.google.com/p/google-caja

target="_blank" is allowed, but cleared by html_sanitize() #1296

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hi folks,
What revision of the cajoler exhibits the problem? 4314
On what browser and OS? I think any. Reproduced on Chrome r64647 beta, Ubuntu 10.04.

What steps will reproduce the problem?
1. Call html_sanitize() with HTML snippet containing '<a target="_blank"'.

What is the expected output? What do you see instead?
According to
http://www.google.com/codesearch/p?hl=en#wBZsFl6bRv8/trunk/src/com/google/caja/lang/html/html4-attributes.json&q=%22_blank%22%20package:http://google-caja%5C.googlecode%5C.com&l=30
_blank is allowed, but it is cleared.

Please provide any additional information below.
I suppose that's because html_sanitize() does not respect FRAME_TARGET.
Currently we're using the ugly hack
html4.ATTRIBS["a::target"] = 0;
so as not to copy-paste the complete SAX parser and sanitizeAttribs (about 50 lines). We'd really appreciate easier customization of html_sanitize(). For example, it would be great to be able to override some SAX-parser attribute like startTag.
Thanks in advance!

Original issue reported on code.google.com by lazerka@google.com on 8 Nov 2010 at 8:53
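Added example for the behaviour described in the report above. This is not code from the Caja project or from the reporter; it is a small JavaScript model of a type-driven attribute allow-list keyed by "tag::attr", with the type codes, the policy hooks (uriPolicy, targetPolicy) and the start-tag parser all assumed for illustration. It shows how an attribute can be permitted by the allow-list yet still be cleared (the table says `target` is allowed, but the sanitizer has no value policy for the FRAME_TARGET type and so drops the value), what a FRAME_TARGET policy that keeps only the reserved browsing-context names `_blank`, `_self`, `_parent` and `_top` looks like, and why the `ATTRIBS["a::target"] = 0` workaround is coarser than a policy: the example assumes, as the workaround suggests, that type code 0 means "pass through unchanged", so a named target such as `sidebar`, which addresses a frame or window by name, is kept as well.

```javascript
// Added example (not Caja code): a type-driven attribute allow-list of the
// "tag::attr" shape the issue refers to. Type codes, policy hooks and the
// start-tag parser are all assumed for illustration.
const atype = { NONE: 0, URI: 1, SCRIPT: 2, FRAME_TARGET: 3 };

// Allow-list: which attributes an <a> may carry and how each value is checked.
// Assumption (as the reporter's workaround suggests): type 0 means "pass the
// value through unchanged".
const ATTRIBS = {
  "a::href": atype.URI,
  "a::target": atype.FRAME_TARGET,
  "a::title": atype.NONE,
  "a::onclick": atype.SCRIPT,
};

// Reserved browsing-context names. Anything else is a window/frame name.
const RESERVED_TARGETS = new Set(["_blank", "_self", "_parent", "_top"]);

// Value policies. A missing policy for a type means "drop the value".
const uriPolicy = (v) => (/^https?:\/\//i.test(v) ? v : null);
const targetPolicy = (v) => (RESERVED_TARGETS.has(v) ? v : null);

// attribs is a flat [name, value, name, value, ...] array; returns the same shape.
function sanitizeAttribs(tagName, attribs, policy) {
  const table = policy.attribs || ATTRIBS;
  const out = [];
  for (let i = 0; i < attribs.length; i += 2) {
    const name = attribs[i].toLowerCase();
    let value = attribs[i + 1];
    const type = table[tagName + "::" + name];
    if (type === undefined) continue;              // not in the allow-list
    switch (type) {
      case atype.NONE:                               // no checking at all
        break;
      case atype.URI:
        value = policy.uriPolicy ? policy.uriPolicy(value) : null;
        break;
      case atype.FRAME_TARGET:
        // The symptom in the issue: the table permits the attribute, but
        // without a policy for this type the value is cleared.
        value = policy.targetPolicy ? policy.targetPolicy(value) : null;
        break;
      case atype.SCRIPT:
      default:
        value = null;                                // never allowed
    }
    if (value !== null) out.push(name, value);
  }
  return out;
}

// Minimal start-tag parser for single tags like <a href="..." target="...">.
// Simplification: a '>' inside a quoted value is not handled.
const ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
function parseStartTag(tag) {
  const m = /^<([a-zA-Z][a-zA-Z0-9]*)([^>]*)>$/.exec(tag.trim());
  if (!m) throw new Error("not a simple start tag: " + tag);
  const attribs = [];
  for (const a of m[2].matchAll(ATTR_RE)) {
    const value = a[2] !== undefined ? a[2]
      : a[3] !== undefined ? a[3]
      : a[4] !== undefined ? a[4] : "";
    attribs.push(a[1], value);
  }
  return { tagName: m[1].toLowerCase(), attribs };
}

function escapeAttr(v) {
  return v.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");
}

// Sanitize one start tag and re-serialize the surviving attributes.
function sanitizeStartTag(tag, policy) {
  const { tagName, attribs } = parseStartTag(tag);
  const clean = sanitizeAttribs(tagName, attribs, policy);
  let s = "<" + tagName;
  for (let i = 0; i < clean.length; i += 2) {
    s += " " + clean[i] + '="' + escapeAttr(clean[i + 1]) + '"';
  }
  return s + ">";
}

// Three configurations: no target policy (the reported behaviour), a proper
// FRAME_TARGET policy, and the reporter's workaround of typing target as 0.
const policyWithoutTarget = { uriPolicy };
const policyWithTarget = { uriPolicy, targetPolicy };
const hackPolicy = { uriPolicy, attribs: { ...ATTRIBS, "a::target": 0 } };

// Constructed sample input.
const sample = '<a href="https://example.com/" target="_blank" title="x" onclick="steal()">';
console.log(sanitizeStartTag(sample, policyWithoutTarget));   // target cleared
console.log(sanitizeStartTag(sample, policyWithTarget));      // target kept
console.log(sanitizeStartTag('<a target="sidebar">', policyWithTarget)); // name dropped
console.log(sanitizeStartTag('<a target="sidebar">', hackPolicy));       // name kept
```

The point of the model is that "allowed" and "checked" are two separate tables: the allow-list decides whether an attribute survives at all, the per-type policy decides what values it may carry, and an attribute whose type has no policy is silently cleared even though the allow-list names it. Typing the attribute as 0 removes the second table for that attribute entirely, which is why a proper FRAME_TARGET policy is preferable to the workaround. Allowing `_blank` is itself a policy decision: the opened page receives a `window.opener` reference unless `rel="noopener"` is also set (current browsers imply it for `_blank`; older ones did not), so a deployment that permits `target` may want to add that `rel` at the same time.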

GoogleCodeExporter commented 9 years ago

Original comment by mikesamuel@gmail.com on 19 Nov 2010 at 4:12

GoogleCodeExporter commented 9 years ago
This is an old bug, but it persists in r5387.

Original comment by ihab.a...@gmail.com on 1 May 2013 at 5:15

GoogleCodeExporter commented 9 years ago

Original comment by kpreid@google.com on 7 Nov 2013 at 9:24

GoogleCodeExporter commented 9 years ago
Has any progress been made on this issue?  It seems to still be broken now.

Original comment by wtog...@gmail.com on 24 Jun 2014 at 9:39