Diffstat (limited to 'public')
-rw-r--r-- | public/js/extra.js | 4 | ||||
-rw-r--r-- | public/views/codimd/body.ejs | 2 | ||||
-rw-r--r-- | public/views/codimd/header.ejs | 16 | ||||
-rw-r--r-- | public/views/index/body.ejs | 4 | ||||
-rw-r--r-- | public/views/shared/refresh-modal.ejs | 2 |
5 files changed, 15 insertions, 13 deletions
diff --git a/public/js/extra.js b/public/js/extra.js
index d6bbb0c6..7a1077d5 100644
--- a/public/js/extra.js
+++ b/public/js/extra.js
@@ -570,7 +570,9 @@ export function postProcess (code) {
 $(value).html(html)
 })
 // link should open in new window or tab
- result.find('a:not([href^="#"]):not([target])').attr('target', '_blank')
+ // also add noopener to prevent clickjacking
+ // See details: https://mathiasbynens.github.io/rel-noopener/
+ result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener')
 // update continue line numbers
 const linenumberdivs = result.find('.gutter.linenumber').toArray()
 for (let i = 0; i < linenumberdivs.length; i++) {
diff --git a/public/views/codimd/body.ejs b/public/views/codimd/body.ejs
index d4f27a93..dc111909 100644
--- a/public/views/codimd/body.ejs
+++ b/public/views/codimd/body.ejs
@@ -113,7 +113,7 @@
 </div>
 <div class="modal-body" style="color:black;">
 <h5></h5>
- <a target="_blank" style="word-break: break-all;"></a>
+ <a target="_blank" rel="noopener" style="word-break: break-all;"></a>
 </div>
 <div class="modal-footer">
 <button type="button" class="btn btn-default" data-dismiss="modal"><%= __('OK') %></button>
diff --git a/public/views/codimd/header.ejs b/public/views/codimd/header.ejs
index 8fc050b7..1b5e4222 100644
--- a/public/views/codimd/header.ejs
+++ b/public/views/codimd/header.ejs
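Review bot: The comment added above the `.attr('rel', 'noopener')` call mislabels the threat: `noopener` severs `window.opener` for the opened page, which stops reverse tabnabbing, not clickjacking, so I would write `// also add rel="noopener" so the opened page cannot reach window.opener (reverse tabnabbing)`. `.attr('rel', 'noopener')` also replaces whatever `rel` a matched link already carries, so any value set earlier in the render pipeline is lost; `.attr('rel', function (i, rel) { return rel ? rel + ' noopener' : 'noopener' })` keeps it. Since these links appear to sit inside rendered note content, a click sends the note's URL to the destination as the Referer, which is a leak wherever notes are reachable only by an unguessable URL; `rel="noopener noreferrer"` (or a Referrer-Policy header) would close that, and the same choice applies to the template links in the body.ejs, header.ejs, index/body.ejs and refresh-modal.ejs hunks. postProcess continues outside the hunk on both sides.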
@@ -22,15 +22,15 @@
 <i class="fa fa-caret-down"></i>
 </a>
 <ul class="dropdown-menu list" role="menu" aria-labelledby="menu">
- <li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
+ <li role="presentation"><a role="menuitem" class="ui-new" tabindex="-1" href="<%- url %>/new" target="_blank" rel="noopener"><i class="fa fa-plus fa-fw"></i> <%= __('New') %></a>
 </li>
- <li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
+ <li role="presentation"><a role="menuitem" class="ui-publish" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-share-square-o fa-fw"></i> <%= __('Publish') %></a>
 </li>
 <li class="divider"></li>
 <li class="dropdown-header"><%= __('Extra') %></li>
 <li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
 </li>
- <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
+ <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
 </li>
 <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
 <li class="divider"></li>
@@ -38,7 +38,7 @@
 <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
 </li>
 <% if(typeof github !== 'undefined' && github) { %>
- <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a>
+ <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a>
 </li>
 <% } %>
 <% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
@@ -115,12 +115,12 @@
 </ul>
 <ul class="nav navbar-nav navbar-right" style="padding:0;">
 <li>
- <a href="<%- url %>/new" target="_blank" class="ui-new">
+ <a href="<%- url %>/new" target="_blank" rel="noopener" class="ui-new">
 <i class="fa fa-plus"></i> <%= __('New') %>
 </a>
 </li>
 <li>
- <a href="#" target="_blank" class="ui-publish">
+ <a href="#" target="_blank" rel="noopener" class="ui-publish">
 <i class="fa fa-share-square-o"></i> <%= __('Publish') %>
 </a>
 </li>
@@ -132,7 +132,7 @@
 <li class="dropdown-header"><%= __('Extra') %></li>
 <li role="presentation"><a role="menuitem" class="ui-extra-revision" tabindex="-1" data-toggle="modal" data-target="#revisionModal"><i class="fa fa-history fa-fw"></i> <%= __('Revision') %></a>
 </li>
- <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
+ <li role="presentation"><a role="menuitem" class="ui-extra-slide" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-tv fa-fw"></i> <%= __('Slide Mode') %></a>
 </li>
 <% if((typeof github !== 'undefined' && github) || (typeof dropbox !== 'undefined' && dropbox) || (typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api'))) { %>
 <li class="divider"></li>
@@ -140,7 +140,7 @@
 <li role="presentation"><a role="menuitem" class="ui-save-dropbox" tabindex="-1" href="#" target="_self"><i class="fa fa-dropbox fa-fw"></i> Dropbox</a>
 </li>
 <% if(typeof github !== 'undefined' && github) { %>
- <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank"><i class="fa fa-github fa-fw"></i> Gist</a>
+ <li role="presentation"><a role="menuitem" class="ui-save-gist" tabindex="-1" href="#" target="_blank" rel="noopener"><i class="fa fa-github fa-fw"></i> Gist</a>
 </li>
 <% } %>
 <% if(typeof gitlab !== 'undefined' && gitlab && (!gitlab.scope || gitlab.scope === 'api')) { %>
diff --git a/public/views/index/body.ejs b/public/views/index/body.ejs
index 0f2813b9..18bffddb 100644
--- a/public/views/index/body.ejs
+++ b/public/views/index/body.ejs
@@ -150,10 +150,10 @@
 <option value="id">Bahasa Indonesia</option>
 </select>
 <p>
- Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank"><%= __('Terms of Use') %></a><% } %>
+ Powered by <a href="https://codimd.org">CodiMD</a> | <a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('Releases') %></a><% if(privacyStatement) { %> | <a href="<%- url %>/s/privacy" target="_blank" rel="noopener"><%= __('Privacy') %></a><% } %><% if(termsOfUse) { %> | <a href="<%- url %>/s/terms-of-use" target="_blank" rel="noopener"><%= __('Terms of Use') %></a><% } %>
 </p>
 <h6 class="social-foot">
- <%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank"><i class="fa fa-globe"></i> POEditor</a>') %>
+ <%- __('Follow us on %s and %s.', '<a href="https://github.com/hackmdio/CodiMD" target="_blank" rel="noopener"><i class="fa fa-github"></i> GitHub</a>, <a href="https://riot.im/app/#/room/#codimd:matrix.org" target="_blank" rel="noopener"><i class="fa fa-comments"></i> Riot</a>', '<a href="https://translate.codimd.org" target="_blank" rel="noopener"><i class="fa fa-globe"></i> POEditor</a>') %>
 </h6>
 </div>
 </div>
diff --git a/public/views/shared/refresh-modal.ejs b/public/views/shared/refresh-modal.ejs
index 5be41b2a..64580545 100644
--- a/public/views/shared/refresh-modal.ejs
+++ b/public/views/shared/refresh-modal.ejs
@@ -14,7 +14,7 @@
 </div>
 <div class="new-version" style="display:none;">
 <h5><%= __('New version available!') %></h5>
- <a href="<%- url %>/s/release-notes" target="_blank"><%= __('See releases notes here') %></a>
+ <a href="<%- url %>/s/release-notes" target="_blank" rel="noopener"><%= __('See releases notes here') %></a>
 <br>
 <strong><%= __('Refresh to enjoy new features.') %></strong>
 </div>