diff --git a/modules/monitoring/application/views/helpers/PluginOutput.php b/modules/monitoring/application/views/helpers/PluginOutput.php
index 4ea9a29f2..215ad5ad8 100644
--- a/modules/monitoring/application/views/helpers/PluginOutput.php
+++ b/modules/monitoring/application/views/helpers/PluginOutput.php
@@ -174,7 +174,8 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract
 
             $config = HTMLPurifier_Config::createDefault();
             $config->set('Core.EscapeNonASCIICharacters', true);
-            $config->set('HTML.Allowed', 'p,br,b,a[href],i,table,tr,td[colspan],div,*[class]');
+            $config->set('HTML.Allowed', 'p,br,b,a[href|target],i,table,tr,td[colspan],div,*[class]');
+            $config->set('Attr.AllowedFrameTargets', array('_blank'));
             // This avoids permission problems:
             // $config->set('Core.DefinitionCache', null);
             $config->set('Cache.DefinitionImpl', null);
diff --git a/public/js/icinga/events.js b/public/js/icinga/events.js
index 829ede335..743b7a95e 100644
--- a/public/js/icinga/events.js
+++ b/public/js/icinga/events.js
@@ -420,8 +420,8 @@
             var linkTarget = $a.attr('target');
             var $target;
             var formerUrl;
-            var remote = /^(?:[a-z]+:)\/\//;
-            if (href.match(/^(mailto|javascript|data):/)) {
+            if (href.match(/^(?:(?:mailto|javascript|data):|[a-z]+:\/\/)/)) {
+                event.stopPropagation();
                 return true;
             }
 
@@ -439,10 +439,6 @@
                 }
             }
 
-            // Let remote links pass through
-            if  (href.match(remote)) {
-                return true;
-            }
             // window.open is used as return true; didn't work reliable
             if (linkTarget === '_blank' || linkTarget === '_self') {
                 window.open(href, linkTarget);