Skip to content
Permalink
Browse files
fix(links): trust the external links (DSP-1904) (#537)
  • Loading branch information
kilchenmann committed Sep 17, 2021
1 parent 4310ff7 commit 303ac3dd450c52fc7468b90844244274a549b7b0
Showing with 7 additions and 3 deletions.
  1. +7 −3 src/app/main/directive/external-links.directive.ts
@@ -1,5 +1,6 @@
import { isPlatformBrowser } from '@angular/common';
import { Directive, HostBinding, Inject, Input, OnChanges, PLATFORM_ID } from '@angular/core';
import { DomSanitizer, SafeUrl } from '@angular/platform-browser';

@Directive({
selector: 'a[href]'
@@ -9,14 +10,17 @@ export class ExternalLinksDirective implements OnChanges {
@Input() href: string;
@HostBinding('attr.rel') relAttr = '';
@HostBinding('attr.target') targetAttr = '';
@HostBinding('attr.href') hrefAttr = '';
@HostBinding('attr.href') hrefAttr: SafeUrl;
@HostBinding('class') class = 'external-link';

// to check if we are running on the server, give a token value
constructor(@Inject(PLATFORM_ID) private platformId: string) { }
constructor(
@Inject(PLATFORM_ID) private platformId: string,
private _sanitizer: DomSanitizer
) { }

ngOnChanges() {
this.hrefAttr = this.href;
this.hrefAttr = this._sanitizer.bypassSecurityTrustUrl(this.href);

if (this._isLinkExternal()) {
// makes sure that the new browser tab does not run on the same process and prevent it from accessing window.opener

0 comments on commit 303ac3d

Please sign in to comment.