Browse Source

Add rel="noopener" to links with target="_blank"

When a user enables one of the user settings that causes external links
to open in new tabs, we should be adding rel="noopener" to the links as
well, for security reasons:
https://mathiasbynens.github.io/rel-noopener/
merge-requests/53/head
Deimos 6 years ago
parent
commit
990d7bfa1e
  1. 1
      tildes/static/js/behaviors/external-links-new-tabs.js
  2. 5
      tildes/tildes/templates/macros/topics.jinja2
  3. 5
      tildes/tildes/templates/topic.jinja2

1
tildes/static/js/behaviors/external-links-new-tabs.js

@ -6,6 +6,7 @@ $.onmount('[data-js-external-links-new-tabs]', function() {
$(this).find('a').each(function() { $(this).find('a').each(function() {
if (this.host !== window.location.host) { if (this.host !== window.location.host) {
$(this).attr('target', '_blank'); $(this).attr('target', '_blank');
$(this).attr('rel', 'noopener');
} }
}); });
}); });

5
tildes/tildes/templates/macros/topics.jinja2

@ -21,7 +21,10 @@
{% elif topic.is_link_type %} {% elif topic.is_link_type %}
<a <a
href="{{ topic.link }}" href="{{ topic.link }}"
{% if request.user.open_new_tab_external %}target="_blank"{% endif %}
{% if request.user.open_new_tab_external %}
target="_blank"
rel="noopener"
{% endif %}
>{{ topic.title }}</a> >{{ topic.title }}</a>
{% endif %} {% endif %}
</h1> </h1>

5
tildes/tildes/templates/topic.jinja2

@ -53,7 +53,10 @@
<div class="topic-icon topic-icon-{{ topic.link_domain.replace('.', '_') }}"></div> <div class="topic-icon topic-icon-{{ topic.link_domain.replace('.', '_') }}"></div>
<a <a
href="{{ topic.link }}" href="{{ topic.link }}"
{% if request.user.open_new_tab_external %}target="_blank"{% endif %}
{% if request.user.open_new_tab_external %}
target="_blank"
rel="noopener"
{% endif %}
>{{ topic.link }}</a> >{{ topic.link }}</a>
</div> </div>

Loading…
Cancel
Save