OpenCloud
/
PeerTube
mirror of https://github.com/Chocobozzz/PeerTube
1
0
Fork 0
Code Issues Releases Wiki Activity

More secure target blank links

pull/364/head
Chocobozzz 2018-03-19 18:30:28 +01:00
parent 9af61e8430
commit 632c5e3629
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
6 changed files with 18 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/src/app/+admin/video-abuses/video-abuse-list/video-abuse-list.component.html
View File

@ -19,13 +19,13 @@
<tr> <tr>
<td>{{ videoAbuse.reason }}</td> <td>{{ videoAbuse.reason }}</td>
<td> <td>
<a [href]="videoAbuse.reporterAccount.url" title="Go to the account" target="_blank"> <a [href]="videoAbuse.reporterAccount.url" title="Go to the account" target="_blank" rel="noopener noreferrer">
{{ createByString(videoAbuse.reporterAccount) }} {{ createByString(videoAbuse.reporterAccount) }}
</a> </a>
</td> </td>
<td>{{ videoAbuse.createdAt }}</td> <td>{{ videoAbuse.createdAt }}</td>
<td> <td>
<a [href]="videoAbuse.video.url" title="Go to the video" target="_blank"> <a [href]="videoAbuse.video.url" title="Go to the video" target="_blank" rel="noopener noreferrer">
{{ videoAbuse.video.name }} {{ videoAbuse.video.name }}
</a> </a>
</td> </td>

3
client/src/app/shared/misc/help.component.ts
View File

@ -46,7 +46,8 @@ export class HelpComponent implements OnInit {
} }
private formatMarkdownSupport (rules: string[]) { private formatMarkdownSupport (rules: string[]) {
return '<a href="https://en.wikipedia.org/wiki/Markdown#Example" target="_blank">Markdown</a> compatible that supports:' + return '<a href="https://en.wikipedia.org/wiki/Markdown#Example" target="_blank" rel="noopener noreferrer">Markdown</a> ' +
'compatible that supports:' +
this.createMarkdownList(rules) this.createMarkdownList(rules)
} }

2
client/src/app/videos/+video-watch/comment/video-comment.component.html
View File

@ -5,7 +5,7 @@
<div *ngIf="highlightedComment === true" class="highlighted-comment">Highlighted comment</div> <div *ngIf="highlightedComment === true" class="highlighted-comment">Highlighted comment</div>
<div class="comment-account-date"> <div class="comment-account-date">
<a target="_blank" [href]="comment.account.url" class="comment-account">{{ comment.by }}</a> <a [href]="comment.account.url" target="_blank" rel="noopener noreferrer" class="comment-account">{{ comment.by }}</a>
<a [routerLink]="['/videos/watch', video.uuid, { 'threadId': comment.threadId }]" class="comment-date">{{ comment.createdAt | myFromNow }}</a> <a [routerLink]="['/videos/watch', video.uuid, { 'threadId': comment.threadId }]" class="comment-date">{{ comment.createdAt | myFromNow }}</a>
</div> </div>
<div class="comment-html" [innerHTML]="sanitizedCommentHTML"></div> <div class="comment-html" [innerHTML]="sanitizedCommentHTML"></div>

3
client/src/app/videos/+video-watch/comment/video-comment.component.ts
View File

@ -107,7 +107,8 @@ export class VideoCommentComponent implements OnInit, OnChanges {
return { return {
tagName, tagName,
attribs: Object.assign(attribs, { attribs: Object.assign(attribs, {
target: '_blank' target: '_blank',
rel: 'noopener noreferrer'
}) })
} }
} }

2
client/src/app/videos/+video-watch/video-watch.component.html
View File

@ -183,7 +183,7 @@
<strong>Friendly Reminder:</strong> <strong>Friendly Reminder:</strong>
<div class="privacy-concerns-text"> <div class="privacy-concerns-text">
The sharing system used by this video implies that some technical information about your system (such as a public IP address) can be accessed publicly. The sharing system used by this video implies that some technical information about your system (such as a public IP address) can be accessed publicly.
<a title="Get more information" target="_blank" href="/about#p2p-privacy">More information</a> <a title="Get more information" target="_blank" rel="noopener noreferrer" href="/about#p2p-privacy">More information</a>
</div> </div>
<div class="privacy-concerns-okay" (click)="acceptedPrivacyConcern()"> <div class="privacy-concerns-okay" (click)="acceptedPrivacyConcern()">

19
client/src/app/videos/shared/markdown.service.ts
View File

@ -52,18 +52,19 @@ export class MarkdownService {
return self.renderToken(tokens, idx, options) return self.renderToken(tokens, idx, options)
} }
markdownIt.renderer.rules.link_open = function (tokens, idx, options, env, self) { markdownIt.renderer.rules.link_open = function (tokens, index, options, env, self) {
// If you are sure other plugins can't add `target` - drop check below const token = tokens[index]
const aIndex = tokens[idx].attrIndex('target')
if (aIndex < 0) { const targetIndex = token.attrIndex('target')
tokens[idx].attrPush(['target', '_blank']) // add new attribute if (targetIndex < 0) token.attrPush([ 'target', '_blank' ])
} else { else token.attrs[targetIndex][1] = '_blank'
tokens[idx].attrs[aIndex][1] = '_blank' // replace value of existing attr
} const relIndex = token.attrIndex('rel')
if (relIndex < 0) token.attrPush([ 'rel', 'noopener noreferrer' ])
else token.attrs[relIndex][1] = 'noopener noreferrer'
// pass token to default renderer. // pass token to default renderer.
return defaultRender(tokens, idx, options, env, self) return defaultRender(tokens, index, options, env, self)
} }
} }