add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/
This commit is contained in:
parent
a94d415106
commit
2a3b0e85ea
5 changed files with 10 additions and 5 deletions
|
@ -69,7 +69,7 @@ var sanitizeHtmlParams = {
|
|||
allowedAttributes: {
|
||||
// custom ones first:
|
||||
font: [ 'color' ], // custom to matrix
|
||||
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
|
||||
a: [ 'href', 'name', 'target', 'rel' ], // remote target: custom to matrix
|
||||
// We don't currently allow img itself by default, but this
|
||||
// would make sense if we did
|
||||
img: [ 'src' ],
|
||||
|
@ -92,6 +92,7 @@ var sanitizeHtmlParams = {
|
|||
else {
|
||||
attribs.target = '_blank';
|
||||
}
|
||||
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
|
||||
return { tagName: tagName, attribs : attribs };
|
||||
},
|
||||
},
|
||||
|
|
|
@ -60,7 +60,7 @@ module.exports = React.createClass({
|
|||
return (
|
||||
<span className="mx_MFileBody">
|
||||
<div className="mx_MImageBody_download">
|
||||
<a href={cli.mxcUrlToHttp(content.url)} target="_blank">
|
||||
<a href={cli.mxcUrlToHttp(content.url)} target="_blank" rel="noopener">
|
||||
<TintableSvg src="img/download.svg" width="12" height="14"/>
|
||||
Download {text}
|
||||
</a>
|
||||
|
|
|
@ -134,7 +134,7 @@ module.exports = React.createClass({
|
|||
onMouseLeave={this.onImageLeave} />
|
||||
</a>
|
||||
<div className="mx_MImageBody_download">
|
||||
<a href={cli.mxcUrlToHttp(content.url)} target="_blank">
|
||||
<a href={cli.mxcUrlToHttp(content.url)} target="_blank" rel="noopener">
|
||||
<TintableSvg src="img/download.svg" width="12" height="14"/>
|
||||
Download {content.body} ({ content.info && content.info.size ? filesize(content.info.size) : "Unknown size" })
|
||||
</a>
|
||||
|
|
|
@ -123,7 +123,7 @@ module.exports = React.createClass({
|
|||
<div className="mx_LinkPreviewWidget" >
|
||||
{ img }
|
||||
<div className="mx_LinkPreviewWidget_caption">
|
||||
<div className="mx_LinkPreviewWidget_title"><a href={ this.props.link } target="_blank">{ p["og:title"] }</a></div>
|
||||
<div className="mx_LinkPreviewWidget_title"><a href={ this.props.link } target="_blank" rel="noopener">{ p["og:title"] }</a></div>
|
||||
<div className="mx_LinkPreviewWidget_siteName">{ p["og:site_name"] ? (" - " + p["og:site_name"]) : null }</div>
|
||||
<div className="mx_LinkPreviewWidget_description" ref="description">
|
||||
{ p["og:description"] }
|
||||
|
|
|
@ -137,6 +137,10 @@ matrixLinkify.options = {
|
|||
}
|
||||
},
|
||||
|
||||
linkAttributes: {
|
||||
rel: 'noopener',
|
||||
},
|
||||
|
||||
target: function(href, type) {
|
||||
if (type === 'url') {
|
||||
if (href.match(matrixLinkify.VECTOR_URL_PATTERN)) {
|
||||
|
|
Loading…
Reference in a new issue