diff --git a/app/models/user_field.rb b/app/models/user_field.rb
index ea8330cc69b..a872af740f5 100644
--- a/app/models/user_field.rb
+++ b/app/models/user_field.rb
@@ -28,7 +28,7 @@ class UserField < ActiveRecord::Base
def sanitize_description
if description_changed?
- self.description = sanitize_field(self.description)
+ self.description = sanitize_field(self.description, additional_attributes: ['target'])
end
end
end
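Review bot: Adding `target` to the allowlist in `sanitize_description` lets a description link use `target="_blank"`, and nothing in this hunk shows a matching `rel="noopener noreferrer"` being added or required. `sanitize_field` is defined outside the hunk, so it may already handle `rel`, but that should be confirmed. Without it, browsers that do not imply `noopener` expose `window.opener` to the opened page (reverse tabnabbing). If the helper does not cover this, the `rel` value should be enforced wherever `target` is permitted. A short comment above the call would also help, for example `# target is allowed so field descriptions can open links in a new tab; rel handling lives in sanitize_field`.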
diff --git a/spec/models/user_field_spec.rb b/spec/models/user_field_spec.rb
index e93c956bed1..ad81162d792 100644
--- a/spec/models/user_field_spec.rb
+++ b/spec/models/user_field_spec.rb
@@ -19,4 +19,13 @@ RSpec.describe UserField do
expect(user_field.description).to eq("click me!alert('TEST');")
end
+
+ it 'allows target attribute in the description' do
+ link = "elsewhere"
+ user_field = Fabricate(:user_field)
+
+ user_field.update!(description: link)
+
+ expect(user_field.description).to eq(link)
+ end
end
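Review bot: The `link` fixture in the new example appears on this page as the plain string `"elsewhere"`, with no anchor or `target` attribute, so as shown the expectation would pass with or without the model change. The markup may have been lost in rendering, since the earlier expectation at the top of the hunk looks similarly stripped. The fixture should be an anchor that actually carries `target`. The example would also be stronger with a second assertion that a disallowed attribute on the same anchor (an inline event handler, say) is still removed, which pins the allowlist widening to `target` only. The `describe` block starts outside the hunk.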