diff options
author | Sheogorath | 2018-10-04 01:41:48 +0200 |
---|---|---|
committer | Sheogorath | 2018-10-04 01:49:36 +0200 |
commit | 75a23fe2c91d6c2f5008daccae72f8964af72307 (patch) | |
tree | 0a0d58402cb694344033414002ee1f20784efbfc /public/views | |
parent | d9ba11b21a77561ec3f72d5396d48fea32f6389d (diff) |
Add rel="noopener" to target="_blank" links
The noopener construct protects from some nasty clickjacking attacks. We
can apply them savely to all our links since we don't rely on the
previously used page.
Some more details: https://mathiasbynens.github.io/rel-noopener/
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r-- | public/views/codimd/body.ejs | 2 | ||||
-rw-r--r-- | public/views/codimd/header.ejs | 16 | ||||
-rw-r--r-- | public/views/index/body.ejs | 4 | ||||
-rw-r--r-- | public/views/shared/refresh-modal.ejs | 2 |
4 files changed, 12 insertions, 12 deletions
diff --git a/public/views/codimd/body.ejs b/public/views/codimd/body.ejs index d4f27a93..dc111909 100644 --- a/public/views/codimd/body.ejs +++ b/public/views/codimd/body.ejs @@ -113,7 +113,7 @@ </div> <div class="modal-body" style="color:black;"> <h5></h5> - <a target="_blank" style="word-break: break-all;"></a> + <a target="_blank" rel="noopener" style="word-break: break-all;"></a> </div> <div class="modal-footer"> <button type="button" class="btn btn-default" data-dismiss="modal"><%= __('OK') %></button> diff --git a/public/views/codimd/header.ejs b/public/views/codimd/header.ejs index 8fc050b7..1b5e4222 100644 --- a/public/views/codimd/header.ejs +++ b/public/views/codimd/header.ejs @@ -22,15 +22,15 @@ <i class="fa fa-caret-down"></i> </a> <ul class="dropdown-menu list" role="menu" aria-labelledby="menu"> - <li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a> + <li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank" rel="noopener"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a> </li> - <li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a> + <li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a> </li> <li class="divider"></li> <li class="dropdown-header"><%= __('Extra') %></li> <li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a> </li> - <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> + <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> </li> <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %> <li class="divider"></li> @@ -38,7 +38,7 @@ <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> </li> <% if(typeof github !== 'undefined' && github) { %> - <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a> + <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a> </li> <% } %> <% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %> @@ -115,12 +115,12 @@ </ul> <ul class="nav navbar-nav navbar-right" style="padding:0;"> <li> - <a href="<%- url %>/new" target="_blank" class="ui-new"> + <a href="<%- url %>/new" target="_blank" rel="noopener" class="ui-new"> <i class="fa fa-plus"></i> <%= __('New') %> </a> </li> <li> - <a href="#" target="_blank" class="ui-publish"> + <a href="#" target="_blank" rel="noopener" class="ui-publish"> <i class="fa fa-share-square-o"></i> <%= __('Publish') %> </a> </li> @@ -132,7 +132,7 @@ <li class="dropdown-header"><%= __('Extra') %></li> <li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a> </li> - <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> + <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a> </li> <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %> <li class="divider"></li> @@ -140,7 +140,7 @@ <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a> </li> <% if(typeof github !== 'undefined' && github) { %> - <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a> + <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a> </li> <% } %> <% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %> diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs index 0f2813b9..18bffddb 100644 --- a/public/views/index/body.ejs +++ b/public/views/index/body.ejs @@ -150,10 +150,10 @@ <option value="id">Bahasa Indonesia</option> </select> <p> - Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank"><%= __('Terms of Use') %></a><% } %> + Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %> </p> <h6 class="social-foot"> - <%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank"><i class="fa fa-globe"></i> POEditor</a>') %> + <%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') %> </h6> </div> </div> diff --git a/public/views/shared/refresh-modal.ejs b/public/views/shared/refresh-modal.ejs index 5be41b2a..64580545 100644 --- a/public/views/shared/refresh-modal.ejs +++ b/public/views/shared/refresh-modal.ejs @@ -14,7 +14,7 @@ </div> <div class="new-version" style="display:none;"> <h5><%= __('New version available!') %></h5> - <a href="<%- url %>/s/release-notes" target="_blank"><%= __('See releases notes here') %></a> + <a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('See releases notes here') %></a> <br> <strong><%= __('Refresh to enjoy new features.') %></strong> </div> |