feat(security): use rel="noopener noreferrer" with all target="_blank"

talha131 committed Dec 2, 2019
1 parent 5710d11 commit 4c843e9a0c66bb2656ef5df4411d4c891c493a11
@@ -0,0 +1,18 @@
Title: Elegant Is Safe
Tags: security,
Category: 101 — Quick Start
Date: 2019-12-02 11:45
Slug: elegant-is-safe
Subtitle:
Summary:
Keywords:
Authors: Talha Mansoor

Static sites are usually safer than server side rendered sites. There can be some edge cases though even for a static site.

We came to know about a potential security issue that involves, `target="_blank"`. We have updated our code to follow the recommended fix.

You can read more about the issue and its fix at these links,

1. [About rel=noopener](https://mathiasbynens.github.io/rel-noopener/)
1. [react/jsx-no-target-blank](https://github.com/yannickcr/eslint-plugin-react/blob/master/docs/rules/jsx-no-target-blank.md)
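Review bot: The front matter leaves `Subtitle:`, `Summary:` and `Keywords:` empty and `Tags: security,` ends in a trailing comma; either give `Summary:` a one-line description or drop the empty keys, and remove the comma. The body could also make explicit that this commit only fixes the theme's own templates: any `target="_blank"` anchor that a site owner writes into their own content or into `SITE_LICENSE` still needs `rel="noopener noreferrer"` added by hand, which the config hunks below show.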
@@ -14,7 +14,7 @@ For example,

```python
SITE_LICENSE = """Content licensed under <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/" target="_blank">
href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="nofollow noopener noreferrer">
Creative Commons Attribution 4.0 International License</a>."""
```
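Review bot: The updated anchor now carries two `rel` attributes, `rel="license"` on the first line and `rel="nofollow noopener noreferrer"` on the second. HTML parsers keep only the first occurrence of a duplicated attribute, so browsers will see `rel="license"` and silently discard the `noopener noreferrer` this commit is meant to add. Merge the tokens into a single attribute, for example `<a rel="license nofollow noopener noreferrer" href="http://creativecommons.org/licenses/by/4.0/" target="_blank">`, and apply the same fix to the matching `SITE_LICENSE` hunk in the config below.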

@@ -113,7 +113,7 @@

# Legal
SITE_LICENSE = """Content licensed under <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/" target="_blank">
href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="nofollow noopener noreferrer">
Creative Commons Attribution 4.0 International License</a>."""
HOSTED_ON = {"name": "Netlify", "url": "https://www.netlify.com/"}
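Review bot: Same duplicate `rel` problem as in the documentation example above, and this one is the live `SITE_LICENSE` value that gets rendered: `rel="license"` wins and the second `rel="nofollow noopener noreferrer"` is ignored by the parser, so the license link keeps the original `target="_blank"` exposure. Fold everything into one `rel="license nofollow noopener noreferrer"` attribute.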

@@ -9,7 +9,7 @@
{% endif %}
{% set auth = AUTHORS.get(author|string) %}
<div class="author_blurb">
<a href="{{ auth.url }}" target="_blank" rel="nofollow">
<a href="{{ auth.url }}" target="_blank" rel="nofollow noopener noreferrer">
{% if AUTHORS.get(author|string).avatar %}
<img src={{auth.avatar}} alt="{{author}} Avatar" title="{{author}}">
{% endif %}
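Review bot: The `rel` change here is correct. On the unchanged line just below it, `<img src={{auth.avatar}} ...>` has an unquoted attribute value; quote it as `src="{{ auth.avatar }}"` so a space or `>` in the avatar URL cannot end the attribute early, matching the quoting already used for `href` on the changed line.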
@@ -25,12 +25,12 @@
{% endif %}

<div id="fpowered">
Powered by: <a href="http://getpelican.com/" title="Pelican Home Page" target="_blank" rel="nofollow">Pelican</a>
Theme: <a href="https://elegant.oncrashreboot.com/" title="Theme Elegant Home Page" target="_blank" rel="nofollow">Elegant</a>
Powered by: <a href="http://getpelican.com/" title="Pelican Home Page" target="_blank" rel="nofollow noopener noreferrer">Pelican</a>
Theme: <a href="https://elegant.oncrashreboot.com/" title="Theme Elegant Home Page" target="_blank" rel="nofollow noopener noreferrer">Elegant</a>
{% if HOSTED_ON and HOSTED_ON.name %}
Hosted on:
{% if HOSTED_ON.url %}
<a href={{HOSTED_ON.url}} target="_blank" rel="nofollow">
<a href={{HOSTED_ON.url}} target="_blank" rel="nofollow noopener noreferrer">
{{HOSTED_ON.name}}
</a>
{% else %}
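Review bot: `<a href={{HOSTED_ON.url}} ...>` keeps its unquoted `href` while gaining the new `rel`; quote it as `href="{{ HOSTED_ON.url }}"` for consistency with the Pelican and Elegant anchors above and so an unexpected character in `HOSTED_ON.url` cannot break the tag. Otherwise fine: `nofollow` was already present on all three footer links, so this hunk changes only the opener behaviour, unlike the share and statcounter hunks.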
@@ -7,11 +7,11 @@
{% from '_includes/_defaults.html' import SHARE_POST_INTRO with context %}
{{ SHARE_POST_INTRO }}
{% endif %}
<a href="{{article.share_post['twitter']}}" target="_blank" title="Share on Twitter">Twitter</a>
<a href="{{article.share_post['twitter']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share on Twitter">Twitter</a>
<a href="{{article.share_post['facebook']}}" target="_blank" title="Share on Facebook">Facebook</a>
<a href="{{article.share_post['facebook']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share on Facebook">Facebook</a>
<a href="{{article.share_post['email']}}" target="_blank" title="Share via Email">Email</a>
<a href="{{article.share_post['email']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share via Email">Email</a>
</p>
{% endif %}
{% endmacro %}
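Review bot: `nofollow` is new on these three share links, not just `noopener noreferrer`; the commit message promises only the latter, and `nofollow` changes how crawlers treat these outbound links, so either drop it here or state it in the commit message. Also worth noting that `noreferrer` suppresses the Referer header, so Twitter and Facebook will no longer see the originating page from the header (the shared URL itself is still carried in `article.share_post[...]`), and if the `email` entry renders to a `mailto:` URL then `target` and `rel` have no effect on it, which is harmless.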


@@ -11,7 +11,7 @@
"statcounter.com/counter/counter.js'></"+"script>");
</script>
<noscript><div class="statcounter"><a title="web analytics"
href="http://statcounter.com/" target="_blank"><img
href="http://statcounter.com/" target="_blank" rel="nofollow noopener noreferrer"><img
class="statcounter"
src="//c.statcounter.com/{{ STAT_COUNTER_PROJECT }}/0/{{ STAT_COUNTER_SECURITY }}/1/"
alt="web analytics"></a></div></noscript>
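Review bot: As with the share links, this anchor picks up `nofollow` in addition to `noopener noreferrer`, which goes beyond the stated scope of the commit; keep it only if that is intended and say so in the message. Separately, the visible link still points at `http://statcounter.com/` while the counter image is fetched scheme-relatively from `//c.statcounter.com`; switching the anchor to `https://` would be a cheap follow-up.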
