jlelse
/
Indieroad
Archived
1
Fork 0

Fix external links security

This commit is contained in:
Jan-Lukas Else 2020-05-02 08:03:49 +02:00
parent 358717f693
commit de9866362e
6 changed files with 9 additions and 9 deletions

View File

@ -1 +1 @@
<a href="{{ .Destination | safeURL }}"{{ with .Title}} title="{{ . }}"{{ end }}{{ if strings.HasPrefix .Destination "http" }} target="_blank"{{ end }}>{{ .Text | markdownify }}</a>
<a href="{{ .Destination | safeURL }}"{{ with .Title}} title="{{ . }}"{{ end }}{{ if strings.HasPrefix .Destination "http" }} target="_blank" rel="noopener"{{ end }}>{{ .Text | markdownify }}</a>

View File

@ -24,7 +24,7 @@
{{ end }}
{{ .Content }}
{{ with .Params.externalUrl }}
<p><a class="u-bookmark-of" href="{{ . }}" target="_blank">{{ . }}</a></p>
<p><a class="u-bookmark-of" href="{{ . }}" target="_blank" rel="noopener">{{ . }}</a></p>
{{ end }}
</div>
{{ partial "post_tags" . }}

View File

@ -3,7 +3,7 @@
<div class="list-header">
{{ if .Title }}
{{ if (and $showFull .Params.externalURL) }}
<a class="u-bookmark-of" href="{{ .Params.externalURL }}" target="_blank">
<a class="u-bookmark-of" href="{{ .Params.externalURL }}" target="_blank" rel="noopener">
<h2 class="list-title p-name">{{ .Title }}</h2>
</a>
{{ else }}

View File

@ -1,6 +1,6 @@
{{ if .Param "shareLink" }}
<div class="item">
<a href="https://www.addtoany.com/share#url={{ .Permalink }}{{ with .Title }}&title={{ . }}{{ end }}" target="_blank" rel="nofollow noopener">{{ T "share" }}</a>
<a href="https://www.addtoany.com/share#url={{ .Permalink }}{{ with .Title }}&title={{ . }}{{ end }}" target="_blank" rel="nofollow noopener noreferrer">{{ T "share" }}</a>
</div>
{{ end }}
{{ if .IsTranslated }}

View File

@ -9,7 +9,7 @@
<ul class="mentions-list">
{{ range sort . ".date" "asc" }}
{{ $sourceUrl := urls.Parse .source }}
<li class="item"><a href="{{ .source }}" target="_blank" rel="nofollow noopener">{{ $sourceUrl.Host }}</a> <i>{{ dateFormat $dateFormat .date }}</i></li>
<li class="item"><a href="{{ .source }}" target="_blank" rel="nofollow noopener noreferrer">{{ $sourceUrl.Host }}</a> <i>{{ dateFormat $dateFormat .date }}</i></li>
{{ end }}
</ul>
</details>

View File

@ -16,25 +16,25 @@
{{ with .Param "indieweb.reply" }}
{{ if .link }}
<div class="item">
{{ T "meta_reply_to" }}: <a class="u-in-reply-to" href="{{ .link }}" target="_blank">{{ .title | default .link }}</a>
{{ T "meta_reply_to" }}: <a class="u-in-reply-to" href="{{ .link }}" target="_blank" rel="noopener">{{ .title | default .link }}</a>
</div>
{{ end }}
{{ end }}
{{ with .Param "indieweb.like" }}
{{ if .link }}
<div class="item">
{{ T "meta_like_of" }}: <a class="u-like-of" href="{{ .link }}" target="_blank">{{ .title | default .link }}</a>
{{ T "meta_like_of" }}: <a class="u-like-of" href="{{ .link }}" target="_blank" rel="noopener">{{ .title | default .link }}</a>
</div>
{{ end }}
{{ end }}
{{ if .Param "shareLink" }}
<div class="item">
<a href="https://www.addtoany.com/share#url={{ .Permalink }}{{ with .Title }}&title={{ . }}{{ end }}" target="_blank" rel="nofollow noopener">{{ T "share" }}</a>
<a href="https://www.addtoany.com/share#url={{ .Permalink }}{{ with .Title }}&title={{ . }}{{ end }}" target="_blank" rel="nofollow noopener noreferrer">{{ T "share" }}</a>
</div>
{{ end }}
{{ with .Param "syndicate" }}
<div class="item">
{{ T "also_on" }}:{{ $delimiter := "" }}{{ range $index, $link := . }}{{ $delimiter }} <a class="u-syndication" href="{{ $link }}" target="_blank">{{ (urls.Parse $link).Host }}</a>{{ $delimiter = "," }}{{ end }}
{{ T "also_on" }}:{{ $delimiter := "" }}{{ range $index, $link := . }}{{ $delimiter }} <a class="u-syndication" href="{{ $link }}" target="_blank" rel="nofollow noopener noreferrer">{{ (urls.Parse $link).Host }}</a>{{ $delimiter = "," }}{{ end }}
</div>
{{ end }}
{{ if .IsTranslated }}