Add noopener and/or noreferrer (#12202)

2019-10-25 05:44:42 +09:00
parent 237293fd8c
commit fccf83e1f2
27 changed files with 46 additions and 45 deletions
--- a/app/lib/formatter.rb
+++ b/app/lib/formatter.rb
@ -251,7 +251,7 @@ class Formatter

  def link_to_url(entity, options = {})
    url        = Addressable::URI.parse(entity[:url])
-    html_attrs = { target: '_blank', rel: 'nofollow noopener' }
+    html_attrs = { target: '_blank', rel: 'nofollow noopener noreferrer' }

    html_attrs[:rel] = "me #{html_attrs[:rel]}" if options[:me]

--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@ -45,7 +45,7 @@ class Sanitize

      add_attributes: {
        'a' => {
-          'rel' => 'nofollow noopener',
+          'rel' => 'nofollow noopener noreferrer',
          'target' => '_blank',
        },
      },