feat(security): use rel="noopener noreferrer" with all target="_blank"

Pelican-Elegant · Dec 2, 2019 · 4c843e9a0c66bb2656ef5df4411d4c891c493a11 · 4c843e9
1 parent 5710d11
commit 4c843e9a0c66bb2656ef5df4411d4c891c493a11
diff --git a/documentation/content/101 Quick Start/security.md b/documentation/content/101 Quick Start/security.md
@@ -0,0 +1,18 @@
+Title: Elegant Is Safe
+Tags: security,
+Category: 101 — Quick Start
+Date: 2019-12-02 11:45
+Slug: elegant-is-safe
+Subtitle:
+Summary:
+Keywords:
+Authors: Talha Mansoor
+
+Static sites are usually safer than server side rendered sites. There can be some edge cases though even for a static site.
+
+We came to know about a potential security issue that involves, `target="_blank"`. We have updated our code to follow the recommended fix.
+
+You can read more about the issue and its fix at these links,
+
+1. [About rel=noopener](https://mathiasbynens.github.io/rel-noopener/)
+1. [react/jsx-no-target-blank](https://github.com/yannickcr/eslint-plugin-react/blob/master/docs/rules/jsx-no-target-blank.md)
diff --git a/documentation/content/Components/add-license.md b/documentation/content/Components/add-license.md
@@ -14,7 +14,7 @@ For example,
 
 ```python
 SITE_LICENSE = """Content licensed under <a rel="license"
-    href="http://creativecommons.org/licenses/by/4.0/" target="_blank">
+    href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="nofollow noopener noreferrer">
     Creative Commons Attribution 4.0 International License</a>."""
 ```
 

diff --git a/documentation/pelicanconf.py b/documentation/pelicanconf.py
@@ -113,7 +113,7 @@
 
 # Legal
 SITE_LICENSE = """Content licensed under <a rel="license"
-    href="http://creativecommons.org/licenses/by/4.0/" target="_blank">
+    href="http://creativecommons.org/licenses/by/4.0/" target="_blank" rel="nofollow noopener noreferrer">
     Creative Commons Attribution 4.0 International License</a>."""
 HOSTED_ON = {"name": "Netlify", "url": "https://www.netlify.com/"}
 

diff --git a/templates/_includes/article_author.html b/templates/_includes/article_author.html
@@ -9,7 +9,7 @@
     {% endif %}
     {% set auth = AUTHORS.get(author|string) %}
     <div class="author_blurb">
-        <a href="{{ auth.url }}" target="_blank" rel="nofollow">
+        <a href="{{ auth.url }}" target="_blank" rel="nofollow noopener noreferrer">
             {% if AUTHORS.get(author|string).avatar %}
             <img src={{auth.avatar}} alt="{{author}} Avatar" title="{{author}}">
             {% endif %}

diff --git a/templates/_includes/footer.html b/templates/_includes/footer.html
@@ -25,12 +25,12 @@
     {% endif %}
 
     <div id="fpowered">
-        Powered by: <a href="http://getpelican.com/" title="Pelican Home Page" target="_blank" rel="nofollow">Pelican</a>
-        Theme: <a href="https://elegant.oncrashreboot.com/" title="Theme Elegant Home Page" target="_blank" rel="nofollow">Elegant</a>
+        Powered by: <a href="http://getpelican.com/" title="Pelican Home Page" target="_blank" rel="nofollow noopener noreferrer">Pelican</a>
+        Theme: <a href="https://elegant.oncrashreboot.com/" title="Theme Elegant Home Page" target="_blank" rel="nofollow noopener noreferrer">Elegant</a>
         {% if HOSTED_ON and HOSTED_ON.name %}
         Hosted on:
         {% if HOSTED_ON.url %}
-        <a href={{HOSTED_ON.url}} target="_blank" rel="nofollow">
+        <a href={{HOSTED_ON.url}} target="_blank" rel="nofollow noopener noreferrer">
             {{HOSTED_ON.name}}
         </a>
         {% else %}

diff --git a/templates/_includes/share_links.html b/templates/_includes/share_links.html
@@ -7,11 +7,11 @@
     {% from '_includes/_defaults.html' import SHARE_POST_INTRO with context %}
     {{ SHARE_POST_INTRO }}
     {% endif %}
-    <a href="{{article.share_post['twitter']}}" target="_blank" title="Share on Twitter">Twitter</a>
+    <a href="{{article.share_post['twitter']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share on Twitter">Twitter</a>
     ❄
-    <a href="{{article.share_post['facebook']}}" target="_blank" title="Share on Facebook">Facebook</a>
+    <a href="{{article.share_post['facebook']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share on Facebook">Facebook</a>
     ❄
-    <a href="{{article.share_post['email']}}" target="_blank" title="Share via Email">Email</a>
+    <a href="{{article.share_post['email']}}" target="_blank" rel="nofollow noopener noreferrer" title="Share via Email">Email</a>
     </p>
     {% endif %}
 {% endmacro %}
diff --git a/templates/_includes/social_links.html b/templates/_includes/social_links.html
diff --git a/templates/_includes/stat_counter.html b/templates/_includes/stat_counter.html
@@ -11,7 +11,7 @@
 "statcounter.com/counter/counter.js'></"+"script>");
 </script>
 <noscript><div class="statcounter"><a title="web analytics"
-href="http://statcounter.com/" target="_blank"><img
+href="http://statcounter.com/" target="_blank" rel="nofollow noopener noreferrer"><img
 class="statcounter"
 src="//c.statcounter.com/{{ STAT_COUNTER_PROJECT }}/0/{{ STAT_COUNTER_SECURITY }}/1/"
 alt="web analytics"></a></div></noscript>