diff options
author | Sheogorath | 2018-10-04 01:41:48 +0200 |
---|---|---|
committer | Sheogorath | 2018-10-04 01:49:36 +0200 |
commit | 75a23fe2c91d6c2f5008daccae72f8964af72307 (patch) | |
tree | 0a0d58402cb694344033414002ee1f20784efbfc /public/js | |
parent | d9ba11b21a77561ec3f72d5396d48fea32f6389d (diff) |
Add rel="noopener" to target="_blank" links
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.
Some more details: https://mathiasbynens.github.io/rel-noopener/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to 'public/js')
-rw-r--r-- | public/js/extra.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/public/js/extra.js b/public/js/extra.js index d6bbb0c6..7a1077d5 100644 --- a/public/js/extra.js +++ b/public/js/extra.js @@ -570,7 +570,9 @@ export function postProcess (code) { $(value).html(html) }) // link should open in new window or tab - result.find('a:not([href^="#"]):not([target])').attr('target', '_blank') + // also add noopener to prevent clickjacking + // See details: https://mathiasbynens.github.io/rel-noopener/ + result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener') // update continue line numbers const linenumberdivs = result.find('.gutter.linenumber').toArray() for (let i = 0; i < linenumberdivs.length; i++) { |