add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/

Matthew Hodgson 2016-08-15 21:37:26 +01:00
parent a94d415106
commit 2a3b0e85ea
5 changed files with 10 additions and 5 deletions


@ -69,7 +69,7 @@ var sanitizeHtmlParams = {
allowedAttributes: {
// custom ones first:
font: [ 'color' ], // custom to matrix
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
a: [ 'href', 'name', 'target', 'rel' ], // remote target: custom to matrix
// We don't currently allow img itself by default, but this
// would make sense if we did
img: [ 'src' ],
@ -81,7 +81,7 @@ var sanitizeHtmlParams = {
allowedSchemesByTag: {
img: [ 'data' ],
},
transformTags: { // custom to matrix
// add blank targets to all hyperlinks except vector URLs
'a': function(tagName, attribs) {
@ -92,6 +92,7 @@ var sanitizeHtmlParams = {
else {
attribs.target = '_blank';
}
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
return { tagName: tagName, attribs : attribs };
},
},
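Review bot: The `attribs.rel = 'noopener'` line at the end of the `a` transform only helps in browsers that implement `noopener`; engines that do not recognise the keyword ignore it, and the opened page keeps its `window.opener` reference. Setting `attribs.rel = 'noopener noreferrer';` covers those as well, at the cost of dropping the Referer header on outbound links, which is probably acceptable for links in untrusted message HTML. The unconditional assignment is also what makes adding `'rel'` to `allowedAttributes` safe, since it replaces any sender-supplied value; a comment such as `// always overwrite: rel is sender-controlled otherwise` would keep a later refactor from making it conditional. The transform's opening lines fall outside the hunk, so this assumes no earlier return path skips the assignment.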