Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #170 from lah7/master
Add rel=noopener to prevent a vulnerability in "_blank".
  • Loading branch information
jasonmayes committed Mar 30, 2018
2 parents 27440ff + 928bc02 commit 7d281c6
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
7 changes: 4 additions & 3 deletions js/twitterFetcher.js
Expand Up @@ -70,6 +70,7 @@
var links = el.getElementsByTagName('a');
for (var i = links.length - 1; i >= 0; i--) {
links[i].setAttribute('target', '_blank');
links[i].setAttribute('rel', 'noopener');
}
}

Expand Down Expand Up @@ -389,13 +390,13 @@
op += '<p class="interact"><a href="https://twitter.com/intent/' +
'tweet?in_reply_to=' + tids[n] +
'" class="twitter_reply_icon"' +
(targetBlank ? ' target="_blank">' : '>') +
(targetBlank ? ' target="_blank" rel="noopener">' : '>') +
'Reply</a><a href="https://twitter.com/intent/retweet?' +
'tweet_id=' + tids[n] + '" class="twitter_retweet_icon"' +
(targetBlank ? ' target="_blank">' : '>') + 'Retweet</a>' +
(targetBlank ? ' target="_blank" rel="noopener">' : '>') + 'Retweet</a>' +
'<a href="https://twitter.com/intent/favorite?tweet_id=' +
tids[n] + '" class="twitter_fav_icon"' +
(targetBlank ? ' target="_blank">' : '>') + 'Favorite</a></p>';
(targetBlank ? ' target="_blank" rel="noopener">' : '>') + 'Favorite</a></p>';
}
if (showImages && images[n] !== undefined && extractImageUrl(images[n]) !== undefined) {
op += '<div class="media">' +
Expand Down
8 changes: 4 additions & 4 deletions js/twitterFetcher_min.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 7d281c6

Please sign in to comment.