fix: Render links with target attribute (#4685)

app/javascript/shared/helpers/HTMLSanitizer.js

@@ -6,3 +6,15 @@ export const escapeHtml = (unsafe = '') => {
     .replace(/"/g, '"')
     .replace(/'/g, ''');
 };
+
+export const afterSanitizeAttributes = currentNode => {
+  if ('target' in currentNode) {
+    currentNode.setAttribute('target', '_blank');
+  }
+};
+
+export const domPurifyConfig = {
+  hooks: {
+    afterSanitizeAttributes,
+  },
+};

app/javascript/shared/helpers/MessageFormatter.js

@@ -1,6 +1,6 @@
 import { marked } from 'marked';
 import DOMPurify from 'dompurify';
-import { escapeHtml } from './HTMLSanitizer';
+import { escapeHtml, afterSanitizeAttributes } from './HTMLSanitizer';
 
 const TWITTER_USERNAME_REGEX = /(^|[^@\w])@(\w{1,15})\b/g;
 const TWITTER_USERNAME_REPLACEMENT =
@@ -48,9 +48,7 @@ class MessageFormatter {
       const markedDownOutput = marked(withHash);
       return markedDownOutput;
     }
-    DOMPurify.addHook('afterSanitizeAttributes', node => {
-      if ('target' in node) node.setAttribute('target', '_blank');
-    });
+    DOMPurify.addHook('afterSanitizeAttributes', afterSanitizeAttributes);
     return DOMPurify.sanitize(
       marked(this.message, { breaks: true, gfm: true })
     );