markdown: Stop setting target="_blank".

This setting is being overridden by the frontend since the last commit, and the security model is clearer and more robust if we don't make it appear as though the markdown processor is handling this issue. Co-authored-by: Tim Abbott <tabbott@zulipchat.com> Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
2025-10-27 01:53:59 +00:00 · 2020-02-28 16:37:33 -08:00
parent 68cfcd6446
commit 4f748fb627
11 changed files with 93 additions and 105 deletions
--- a/static/js/markdown.js
+++ b/static/js/markdown.js
@@ -444,13 +444,13 @@ exports.initialize = function (realm_filters, helper_config) {
          + '\n</pre></div>\n\n\n';
    };

-    // Our links have title= and target=_blank
+    // Our links have title=
    r.link = function (href, title, text) {
        title = title || href;
        if (!text.trim()) {
            text = href;
        }
-        const out = '<a href="' + href + '"' + ' target="_blank" title="' +
+        const out = '<a href="' + href + '"' + ' title="' +
                  title + '"' + '>' + text + '</a>';
        return out;
    };