keycloakify icon indicating copy to clipboard operation
keycloakify copied to clipboard
verified publisher icon keycloakify

Allow "target" property in anchors on KcSanitizer

Open ghost opened this issue 11 months ago • 2 comments

I'd like to open the subscription terms and the privacy policy in a new tab instead of opening it in the same tab.

I added the following to the i18n.ts file:

           termsText:
                'Please accept the <a href="https://link.to/subscription-terms" target="_blank">subscription terms</a>.',

and call it like this:

          <label htmlFor="termsAccepted" className={kcClsx("kcLabelClass")}>
             {msg("acceptTerms")}
          </label>

I found that the i18n string is sanitized using the kcSanitize function. There, it actually removes the target="_blank" part of the link. Could this be added or is there another way to achieve this desired functionality?

ghost avatar Jan 16 '25 10:01 ghost

Hello @nicolaric-akenza,

The kcSanitize function is a direct JavaScript port of the Java implementation from the Keycloak codebase.
I'd like to keep it that way.

You can however do:

const { msg, msgStr } = i18n;

//...

          <label 
              htmlFor="termsAccepted" 
              className={kcClsx("kcLabelClass")}
              dangerouslySetInnerHTML={{
                 __html: msgStr("acceptTerms")
              }}
        />

This is fully safe, it's trusted string that you're rendering.

garronej avatar Jan 16 '25 17:01 garronej

The upstream issue https://github.com/keycloak/keycloak/issues/28846 for this problem was recently fixed with https://github.com/keycloak/keycloak/pull/42700. I submitted #929 to mirror this.

kodebach avatar Oct 02 '25 10:10 kodebach