mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-18 00:54:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Add rel="noopener" to target="_blank" links

Browse source 
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.

Some more details: https://mathiasbynens.github.io/rel-noopener/

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
This commit is contained in:
Sheogorath 2018-10-04 01:41:48 +02:00
parent d9ba11b21a
commit 75a23fe2c9
No known key found for this signature in database
GPG key ID: 1F05CC3635CDDFFD
5 changed files with 15 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
public/js/extra.js
View file

@ -570,7 +570,9 @@ export function postProcess (code) {
$(value).html(html)
})
// link should open in new window or tab
result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
// also add noopener to prevent clickjacking
// See details: https://mathiasbynens.github.io/rel-noopener/
result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
// update continue line numbers
const linenumberdivs = result.find('.gutter.linenumber').toArray()
for (let i = 0; i < linenumberdivs.length; i++) {