Add rel="noopener" to target="_blank" links
The noopener construct protects from some nasty clickjacking attacks. We can apply them savely to all our links since we don't rely on the previously used page. Some more details: https://mathiasbynens.github.io/rel-noopener/ Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
parent
d9ba11b21a
commit
75a23fe2c9
5 changed files with 15 additions and 13 deletions
|
@ -570,7 +570,9 @@ export function postProcess (code) {
|
||||||
$(value).html(html)
|
$(value).html(html)
|
||||||
})
|
})
|
||||||
// link should open in new window or tab
|
// link should open in new window or tab
|
||||||
result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
|
// also add noopener to prevent clickjacking
|
||||||
|
// See details: https://mathiasbynens.github.io/rel-noopener/
|
||||||
|
result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
|
||||||
// update continue line numbers
|
// update continue line numbers
|
||||||
const linenumberdivs = result.find('.gutter.linenumber').toArray()
|
const linenumberdivs = result.find('.gutter.linenumber').toArray()
|
||||||
for (let i = 0; i < linenumberdivs.length; i++) {
|
for (let i = 0; i < linenumberdivs.length; i++) {
|
||||||
|
|
|
@ -113,7 +113,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body" style="color:black;">
|
<div class="modal-body" style="color:black;">
|
||||||
<h5></h5>
|
<h5></h5>
|
||||||
<a target="_blank" style="word-break: break-all;"></a>
|
<a target="_blank" rel="noopener" style="word-break: break-all;"></a>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-footer">
|
<div class="modal-footer">
|
||||||
<button type="button" class="btn btn-default" data-dismiss="modal"><%= __('OK') %></button>
|
<button type="button" class="btn btn-default" data-dismiss="modal"><%= __('OK') %></button>
|
||||||
|
|
|
@ -22,15 +22,15 @@
|
||||||
<i class="fa fa-caret-down"></i>
|
<i class="fa fa-caret-down"></i>
|
||||||
</a>
|
</a>
|
||||||
<ul class="dropdown-menu list" role="menu" aria-labelledby="menu">
|
<ul class="dropdown-menu list" role="menu" aria-labelledby="menu">
|
||||||
<li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank" rel="noopener"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
|
||||||
</li>
|
</li>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
|
||||||
</li>
|
</li>
|
||||||
<li class="divider"></li>
|
<li class="divider"></li>
|
||||||
<li class="dropdown-header"><%= __('Extra') %></li>
|
<li class="dropdown-header"><%= __('Extra') %></li>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
|
||||||
</li>
|
</li>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
|
||||||
</li>
|
</li>
|
||||||
<% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
|
<% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
|
||||||
<li class="divider"></li>
|
<li class="divider"></li>
|
||||||
|
@ -38,7 +38,7 @@
|
||||||
<li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
|
<li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
|
||||||
</li>
|
</li>
|
||||||
<% if(typeof github !== 'undefined' && github) { %>
|
<% if(typeof github !== 'undefined' && github) { %>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a>
|
<li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a>
|
||||||
</li>
|
</li>
|
||||||
<% } %>
|
<% } %>
|
||||||
<% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
|
<% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
|
||||||
|
@ -115,12 +115,12 @@
|
||||||
</ul>
|
</ul>
|
||||||
<ul class="nav navbar-nav navbar-right" style="padding:0;">
|
<ul class="nav navbar-nav navbar-right" style="padding:0;">
|
||||||
<li>
|
<li>
|
||||||
<a href="<%- url %>/new" target="_blank" class="ui-new">
|
<a href="<%- url %>/new" target="_blank" rel="noopener" class="ui-new">
|
||||||
<i class="fa fa-plus"></i> <%= __('New') %>
|
<i class="fa fa-plus"></i> <%= __('New') %>
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<a href="#" target="_blank" class="ui-publish">
|
<a href="#" target="_blank" rel="noopener" class="ui-publish">
|
||||||
<i class="fa fa-share-square-o"></i> <%= __('Publish') %>
|
<i class="fa fa-share-square-o"></i> <%= __('Publish') %>
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
|
@ -132,7 +132,7 @@
|
||||||
<li class="dropdown-header"><%= __('Extra') %></li>
|
<li class="dropdown-header"><%= __('Extra') %></li>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
|
||||||
</li>
|
</li>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
|
<li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
|
||||||
</li>
|
</li>
|
||||||
<% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
|
<% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
|
||||||
<li class="divider"></li>
|
<li class="divider"></li>
|
||||||
|
@ -140,7 +140,7 @@
|
||||||
<li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
|
<li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
|
||||||
</li>
|
</li>
|
||||||
<% if(typeof github !== 'undefined' && github) { %>
|
<% if(typeof github !== 'undefined' && github) { %>
|
||||||
<li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a>
|
<li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a>
|
||||||
</li>
|
</li>
|
||||||
<% } %>
|
<% } %>
|
||||||
<% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
|
<% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
|
||||||
|
|
|
@ -150,10 +150,10 @@
|
||||||
<option value="id">Bahasa Indonesia</option>
|
<option value="id">Bahasa Indonesia</option>
|
||||||
</select>
|
</select>
|
||||||
<p>
|
<p>
|
||||||
Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank"><%= __('Terms of Use') %></a><% } %>
|
Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %>
|
||||||
</p>
|
</p>
|
||||||
<h6 class="social-foot">
|
<h6 class="social-foot">
|
||||||
<%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank"><i class="fa fa-globe"></i> POEditor</a>') %>
|
<%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') %>
|
||||||
</h6>
|
</h6>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="new-version" style="display:none;">
|
<div class="new-version" style="display:none;">
|
||||||
<h5><%= __('New version available!') %></h5>
|
<h5><%= __('New version available!') %></h5>
|
||||||
<a href="<%- url %>/s/release-notes" target="_blank"><%= __('See releases notes here') %></a>
|
<a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('See releases notes here') %></a>
|
||||||
<br>
|
<br>
|
||||||
<strong><%= __('Refresh to enjoy new features.') %></strong>
|
<strong><%= __('Refresh to enjoy new features.') %></strong>
|
||||||
</div>
|
</div>
|
||||||
|
|
Loading…
Reference in a new issue