2 files changed, 5 insertions, 3 deletions

diff --git a/public/js/extra.js b/public/js/extra.js
index d6bbb0c6..dd264047 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -570,7 +570,9 @@ export function postProcess (code) {
     $(value).html(html)
   })
   // link should open in new window or tab
-  result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
+  // also add noopener to prevent clickjacking
+  // See details: https://mathiasbynens.github.io/rel-noopener/
+  result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
   // update continue line numbers
   const linenumberdivs = result.find('.gutter.linenumber').toArray()
   for (let i = 0; i < linenumberdivs.length; i++) {
@@ -832,7 +834,7 @@ const anchorForId = id => {
   const anchor = document.createElement('a')
   anchor.className = 'anchor hidden-xs'
   anchor.href = `#${id}`
-  anchor.innerHTML = '<span class="octicon octicon-link"></span>'
+  anchor.innerHTML = '<i class="fa fa-link"></i>'
   anchor.title = id
   return anchor
 }
diff --git a/public/js/index.js b/public/js/index.js
index 1330deac..3dd25fa6 100644
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -1479,7 +1479,7 @@ $('#snippetExportModalConfirm').click(function () {
     file_name: $('#snippetExportModalFileName').val(),
     code: editor.getValue(),
     visibility_level: $('#snippetExportModalVisibility').val(),
-    visibility: $('#snippetExportModalVisibility').val() === 0 ? 'private' : ($('#snippetExportModalVisibility').val() === 10 ? 'internal' : '')
+    visibility: $('#snippetExportModalVisibility').val() === '0' ? 'private' : ($('#snippetExportModalVisibility').val() === '10' ? 'internal' : 'private')
   }
 
   if (!data.title || !data.file_name || !data.code || !data.visibility_level || !$('#snippetExportModalProjects').val()) return