add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/

Matthew Hodgson 2016-08-15 21:37:26 +01:00
parent a94d415106
commit 2a3b0e85ea
5 changed files with 10 additions and 5 deletions


@ -69,7 +69,7 @@ var sanitizeHtmlParams = {
allowedAttributes: { allowedAttributes: {
// custom ones first: // custom ones first:
font: [ 'color' ], // custom to matrix font: [ 'color' ], // custom to matrix
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix a: [ 'href', 'name', 'target', 'rel' ], // remote target: custom to matrix
// We don't currently allow img itself by default, but this // We don't currently allow img itself by default, but this
// would make sense if we did // would make sense if we did
img: [ 'src' ], img: [ 'src' ],
@ -92,6 +92,7 @@ var sanitizeHtmlParams = {
else { else {
attribs.target = '_blank'; attribs.target = '_blank';
} }
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
return { tagName: tagName, attribs : attribs }; return { tagName: tagName, attribs : attribs };
}, },
}, },
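Review bot: `attribs.rel = 'noopener';` in the second hunk only protects users whose browser implements `noopener`; in a browser that ignores the token, the opened page still receives `window.opener`. Adding the older `noreferrer` token covers those browsers and also withholds the Referer header, so consider `attribs.rel = 'noopener noreferrer';` here. The same value would apply to the `rel="noopener"` JSX attributes in the three component sections and to `linkAttributes` in the linkify options. The assignment sits after the if/else, so it overwrites any sender-supplied `rel` now that `rel` is listed in `allowedAttributes`; a short comment saying that the overwrite is intentional would keep a later edit from making it conditional. The transform function starts outside the hunk, so the branch that does not set `target` is not visible here.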


@ -60,7 +60,7 @@ module.exports = React.createClass({
return ( return (
<span className="mx_MFileBody"> <span className="mx_MFileBody">
<div className="mx_MImageBody_download"> <div className="mx_MImageBody_download">
<a href={cli.mxcUrlToHttp(content.url)} target="_blank"> <a href={cli.mxcUrlToHttp(content.url)} target="_blank" rel="noopener">
<TintableSvg src="img/download.svg" width="12" height="14"/> <TintableSvg src="img/download.svg" width="12" height="14"/>
Download {text} Download {text}
</a> </a>


@ -134,7 +134,7 @@ module.exports = React.createClass({
onMouseLeave={this.onImageLeave} /> onMouseLeave={this.onImageLeave} />
</a> </a>
<div className="mx_MImageBody_download"> <div className="mx_MImageBody_download">
<a href={cli.mxcUrlToHttp(content.url)} target="_blank"> <a href={cli.mxcUrlToHttp(content.url)} target="_blank" rel="noopener">
<TintableSvg src="img/download.svg" width="12" height="14"/> <TintableSvg src="img/download.svg" width="12" height="14"/>
Download {content.body} ({ content.info && content.info.size ? filesize(content.info.size) : "Unknown size" }) Download {content.body} ({ content.info && content.info.size ? filesize(content.info.size) : "Unknown size" })
</a> </a>


@ -123,7 +123,7 @@ module.exports = React.createClass({
<div className="mx_LinkPreviewWidget" > <div className="mx_LinkPreviewWidget" >
{ img } { img }
<div className="mx_LinkPreviewWidget_caption"> <div className="mx_LinkPreviewWidget_caption">
<div className="mx_LinkPreviewWidget_title"><a href={ this.props.link } target="_blank">{ p["og:title"] }</a></div> <div className="mx_LinkPreviewWidget_title"><a href={ this.props.link } target="_blank" rel="noopener">{ p["og:title"] }</a></div>
<div className="mx_LinkPreviewWidget_siteName">{ p["og:site_name"] ? (" - " + p["og:site_name"]) : null }</div> <div className="mx_LinkPreviewWidget_siteName">{ p["og:site_name"] ? (" - " + p["og:site_name"]) : null }</div>
<div className="mx_LinkPreviewWidget_description" ref="description"> <div className="mx_LinkPreviewWidget_description" ref="description">
{ p["og:description"] } { p["og:description"] }


@ -137,6 +137,10 @@ matrixLinkify.options = {
} }
}, },
linkAttributes: {
rel: 'noopener',
},
target: function(href, type) { target: function(href, type) {
if (type === 'url') { if (type === 'url') {
if (href.match(matrixLinkify.VECTOR_URL_PATTERN)) { if (href.match(matrixLinkify.VECTOR_URL_PATTERN)) {