From 4a78fa6a660d5e80d237dfdfac718662cb98d8ba Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@netways.de>
Date: Thu, 2 Jun 2016 10:43:34 +0200
Subject: [PATCH 1/2] List views: handle clicks on mailto: and http:// links as
 expected

refs #11267
---
 public/js/icinga/events.js | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/public/js/icinga/events.js b/public/js/icinga/events.js
index 829ede335..743b7a95e 100644
--- a/public/js/icinga/events.js
+++ b/public/js/icinga/events.js
@@ -420,8 +420,8 @@
             var linkTarget = $a.attr('target');
             var $target;
             var formerUrl;
-            var remote = /^(?:[a-z]+:)\/\//;
-            if (href.match(/^(mailto|javascript|data):/)) {
+            if (href.match(/^(?:(?:mailto|javascript|data):|[a-z]+:\/\/)/)) {
+                event.stopPropagation();
                 return true;
             }
 
@@ -439,10 +439,6 @@
                 }
             }
 
-            // Let remote links pass through
-            if  (href.match(remote)) {
-                return true;
-            }
             // window.open is used as return true; didn't work reliable
             if (linkTarget === '_blank' || linkTarget === '_self') {
                 window.open(href, linkTarget);

From f75925b550b49eea431bed4f47b7a0bb3a837961 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov" <alexander.klimov@netways.de>
Date: Thu, 2 Jun 2016 12:38:17 +0200
Subject: [PATCH 2/2] PluginOutput: preserve <a target="_blank">

refs #11267
---
 modules/monitoring/application/views/helpers/PluginOutput.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/monitoring/application/views/helpers/PluginOutput.php b/modules/monitoring/application/views/helpers/PluginOutput.php
index ba3013a3a..997536ef0 100644
--- a/modules/monitoring/application/views/helpers/PluginOutput.php
+++ b/modules/monitoring/application/views/helpers/PluginOutput.php
@@ -105,7 +105,8 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract
 
             $config = HTMLPurifier_Config::createDefault();
             $config->set('Core.EscapeNonASCIICharacters', true);
-            $config->set('HTML.Allowed', 'p,br,b,a[href],i,table,tr,td[colspan],div,*[class]');
+            $config->set('HTML.Allowed', 'p,br,b,a[href|target],i,table,tr,td[colspan],div,*[class]');
+            $config->set('Attr.AllowedFrameTargets', array('_blank'));
             // This avoids permission problems:
             // $config->set('Core.DefinitionCache', null);
             $config->set('Cache.DefinitionImpl', null);