Merge pull request #982 from SISheogorath/feature/useNoOpener

Add rel="noopener" to target="_blank" links

1 files changed, 3 insertions, 1 deletions

diff --git a/public/js/extra.js b/public/js/extra.js
index d6bbb0c6..7a1077d5 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -570,7 +570,9 @@ export function postProcess (code) {
     $(value).html(html)
   })
   // link should open in new window or tab
-  result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
+  // also add noopener to prevent clickjacking
+  // See details: https://mathiasbynens.github.io/rel-noopener/
+  result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
   // update continue line numbers
   const linenumberdivs = result.find('.gutter.linenumber').toArray()
   for (let i = 0; i < linenumberdivs.length; i++) {