Add target="_blank" to links that don't have it

This is now more of a problem in the Electron app because of https://github.com/electron/electron/issues/8841 but is still annoying in the webapp if you're taken away from your chat client. Exception is the SSO link, as commented (issue filed at https://github.com/vector-im/riot-web/issues/8247). Fixes https://github.com/vector-im/riot-web/issues/8226
2019-01-24 16:19:18 +00:00 · 2019-01-24 16:19:18 +00:00 · 4bcb9f12d4
commit 4bcb9f12d4
parent 7b5500b9e8
5 changed files with 22 additions and 6 deletions
--- a/src/components/structures/auth/Login.js
+++ b/src/components/structures/auth/Login.js
@ -446,7 +446,7 @@ module.exports = React.createClass({
                        "Either use HTTPS or <a>enable unsafe scripts</a>.", {},
                        {
                            'a': (sub) => {
-                                return <a href="https://www.google.com/search?&q=enable%20unsafe%20scripts">
+                                return <a target="_blank" rel="noopener" href="https://www.google.com/search?&q=enable%20unsafe%20scripts">
                                    { sub }
                                </a>;
                            },
@ -460,7 +460,7 @@ module.exports = React.createClass({
                        "is not blocking requests.", {},
                        {
                            'a': (sub) => {
-                                return <a href={this.state.enteredHomeserverUrl}>{ sub }</a>;
+                                return <a target="_blank" rel="noopener" href={this.state.enteredHomeserverUrl}>{ sub }</a>;
                            },
                        },
                    ) }
@ -508,6 +508,14 @@ module.exports = React.createClass({
    },

    _renderSsoStep: function(url) {
+        // XXX: This link does *not* have a target="_blank" because single sign-on relies on
+        // redirecting the user back to a URI once they're logged in. On the web, this means
+        // we use the same window and redirect back to riot. On electron, this actually
+        // opens the SSO page in the electron app itself due to
+        // https://github.com/electron/electron/issues/8841 and so happens to work.
+        // If this bug gets fixed, it will break SSO since it will open the SSO page in the
+        // user's browser, let them log into their SSO provider, then redirect their browser
+        // to vector://vector which, of course, will not work.
        return (
            <a href={url} className="mx_Login_sso_link">{ _t('Sign in with single sign-on') }</a>
        );