Skip to content

Commit

Permalink
Merge pull request #300 from kuppalli/sonar-linting-errors
Browse files Browse the repository at this point in the history 
Security fix | Links with "target=_blank" should prevent phishing attacks
  • Loading branch information
@jkphl
jkphl committed Nov 18, 2019
2 parents 6966592 + aac52bf commit 304a347
Show file tree
Hide file tree
Showing 5 changed files with 37 additions and 37 deletions.
2 changes: 1 addition & 1 deletion tmpl/css/sprite.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ <h2>{{name}}</h2>

</section>
<footer>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank">svg-sprite</a>.</p>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank" rel="noopener noreferrer">svg-sprite</a>.</p>
</footer>
</body>
</html>
2 changes: 1 addition & 1 deletion tmpl/defs/sprite.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ <h2>{{name}}</h2>

</section>
<footer>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank">svg-sprite</a>.</p>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank" rel="noopener noreferrer">svg-sprite</a>.</p>
</footer>
</body>
</html>
18 changes: 9 additions & 9 deletions tmpl/stack/sprite.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@
<meta http-equiv="X-UA-Compatible" content="IE=Edge"/>
<title>SVG stack preview | svg-sprite</title>
<style>@charset "UTF-8";body{padding:0;margin:0;color:#666;background:#fafafa;font-family:Arial,Helvetica,sans-serif;font-size:1em;line-height:1.4}header{display:block;padding:3em 3em 2em 3em;background-color:#fff}header p{margin:2em 0 0 0}section{border-top:1px solid #eee;padding:2em 3em 0 3em}section ul{margin:0;padding:0}section li{display:inline;display:inline-block;background-color:#fff;position:relative;margin:0 2em 2em 0;vertical-align:top;border:1px solid #ccc;padding:1em 1em 3em 1em;cursor:default}.icon-box{margin:0;width:144px;height:144px;position:relative;background:#ccc url("data:image/gif;base64,R0lGODlhDAAMAIAAAMzMzP///yH/C1hNUCBEYXRhWE1QPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4wLWMwNjEgNjQuMTQwOTQ5LCAyMDEwLzEyLzA3LTEwOjU3OjAxICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M1LjEgV2luZG93cyIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDozQjk4OTI0MUY5NTIxMUUyQkJDMEI5NEFEM0Y1QTYwQyIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDozQjk4OTI0MkY5NTIxMUUyQkJDMEI5NEFEM0Y1QTYwQyI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjNCOTg5MjNGRjk1MjExRTJCQkMwQjk0QUQzRjVBNjBDIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjNCOTg5MjQwRjk1MjExRTJCQkMwQjk0QUQzRjVBNjBDIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+Af/+/fz7+vn49/b19PPy8fDv7u3s6+rp6Ofm5eTj4uHg397d3Nva2djX1tXU09LR0M/OzczLysnIx8bFxMPCwcC/vr28u7q5uLe2tbSzsrGwr66trKuqqainpqWko6KhoJ+enZybmpmYl5aVlJOSkZCPjo2Mi4qJiIeGhYSDgoGAf359fHt6eXh3dnV0c3JxcG9ubWxramloZ2ZlZGNiYWBfXl1cW1pZWFdWVVRTUlFQT05NTEtKSUhHRkVEQ0JBQD8+PTw7Ojk4NzY1NDMyMTAvLi0sKyopKCcmJSQjIiEgHx4dHBsaGRgXFhUUExIREA8ODQwLCgkIBwYFBAMCAQAAIfkEAAAAAAAsAAAAAAwADAAAAhaEH6mHmmzcgzJAUG/NVGrfOZ8YLlABADs=") top left repeat;border:1px solid #ccc;display:table-cell;vertical-align:middle;text-align:center}.icon{display:inline;display:inline-block}h1{margin-top:0}h2{margin:0;padding:0;font-size:1em;font-weight:normal;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;position:absolute;left:1em;right:1em;bottom:1em}footer{display:block;margin:0;padding:0 3em 3em 3em}footer p{margin:0;font-size:.7em}footer a{color:#0f7595;margin-left:0}</style>

<!--
Sprite shape dimensions
====================================================================================================
You will need to set the sprite shape dimensions via CSS when you use them as stack SVGs, otherwise
Expand Down Expand Up @@ -35,25 +35,25 @@ <h1>SVG stack preview</h1>
</ul>
</header>
<section>

<!--
SVG stack
====================================================================================================
These SVG images make use of fragment identifiers (IDs) to reference certain portions of the
external sprite. By default, all shapes inside the sprite are hidden by CSS. The `:target` pseudo
selector is used to show the very shape that is referenced by the fragment identifier.
selector is used to show the very shape that is referenced by the fragment identifier.
-->

<ul>

{{#shapes}} <li title="{{name}}">
<div class="icon-box">

<!-- {{name}} -->
<img src="{{{example}}}#{{name}}" class="{{#selector.dimensions}}{{#last}}{{#classname}}{{raw}}{{/classname}}{{/last}}{{/selector.dimensions}}" alt="{{name}}"/>

</div>
<h2>{{name}}</h2>
</li>
Expand All @@ -65,7 +65,7 @@ <h2>{{name}}</h2>

</section>
<footer>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank">svg-sprite</a>.</p>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank" rel="noopener noreferrer">svg-sprite</a>.</p>
</footer>
</body>
</html>
26 changes: 13 additions & 13 deletions tmpl/symbol/sprite.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,9 @@
<script>svg4everybody();</script>
<title>SVG &lt;symbol&gt; sprite preview | svg-sprite</title>
<style>@charset "UTF-8";body{padding:0;margin:0;color:#666;background:#fafafa;font-family:Arial,Helvetica,sans-serif;font-size:1em;line-height:1.4}header{display:block;padding:3em 3em 2em 3em;background-color:#fff}header p{margin:2em 0 0 0}section{border-top:1px solid #eee;padding:2em 3em 0 3em}section ul{margin:0;padding:0}section li{display:inline;display:inline-block;background-color:#fff;position:relative;margin:0 2em 2em 0;vertical-align:top;border:1px solid #ccc;padding:1em 1em 3em 1em;cursor:default}.icon-box{margin:0;width:144px;height:144px;position:relative;background:#ccc url("data:image/gif;base64,R0lGODlhDAAMAIAAAMzMzP///yH/C1hNUCBEYXRhWE1QPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4wLWMwNjEgNjQuMTQwOTQ5LCAyMDEwLzEyLzA3LTEwOjU3OjAxICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M1LjEgV2luZG93cyIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDozQjk4OTI0MUY5NTIxMUUyQkJDMEI5NEFEM0Y1QTYwQyIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDozQjk4OTI0MkY5NTIxMUUyQkJDMEI5NEFEM0Y1QTYwQyI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjNCOTg5MjNGRjk1MjExRTJCQkMwQjk0QUQzRjVBNjBDIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjNCOTg5MjQwRjk1MjExRTJCQkMwQjk0QUQzRjVBNjBDIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+Af/+/fz7+vn49/b19PPy8fDv7u3s6+rp6Ofm5eTj4uHg397d3Nva2djX1tXU09LR0M/OzczLysnIx8bFxMPCwcC/vr28u7q5uLe2tbSzsrGwr66trKuqqainpqWko6KhoJ+enZybmpmYl5aVlJOSkZCPjo2Mi4qJiIeGhYSDgoGAf359fHt6eXh3dnV0c3JxcG9ubWxramloZ2ZlZGNiYWBfXl1cW1pZWFdWVVRTUlFQT05NTEtKSUhHRkVEQ0JBQD8+PTw7Ojk4NzY1NDMyMTAvLi0sKyopKCcmJSQjIiEgHx4dHBsaGRgXFhUUExIREA8ODQwLCgkIBwYFBAMCAQAAIfkEAAAAAAAsAAAAAAwADAAAAhaEH6mHmmzcgzJAUG/NVGrfOZ8YLlABADs=") top left repeat;border:1px solid #ccc;display:table-cell;vertical-align:middle;text-align:center}.icon{display:inline;display:inline-block}h1{margin-top:0}h2{margin:0;padding:0;font-size:1em;font-weight:normal;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;position:absolute;left:1em;right:1em;bottom:1em}footer{display:block;margin:0;padding:0 3em 3em 3em}footer p{margin:0;font-size:.7em}footer a{color:#0f7595;margin-left:0}</style>

<!--
Sprite shape dimensions
====================================================================================================
You will need to set the sprite shape dimensions via CSS when you use them as inline SVG, otherwise
Expand All @@ -27,9 +27,9 @@

</head>
<body>

<!--
Inline <symbol> SVG sprite
====================================================================================================
This is an inlined version of the generated SVG sprite. The single images may be <use>d everywhere
Expand All @@ -49,7 +49,7 @@
<!--
====================================================================================================
-->

<header>
<h1>SVG <code>&lt;symbol&gt;</code> sprite preview</h1>
<p>This preview features two methods of using the generated sprite in conjunction with inline SVG. Please have a look at the HTML source for further details and be aware of the following constraints:</p>
Expand All @@ -62,7 +62,7 @@ <h1>SVG <code>&lt;symbol&gt;</code> sprite preview</h1>
<section>

<!--
A) Inline SVG with embedded sprite
====================================================================================================
These SVG images make use of fragment identifiers (IDs) and are extracted out of the inline sprite
Expand All @@ -75,12 +75,12 @@ <h3>A) Inline SVG with embedded sprite</h3>

{{#shapes}} <li title="{{name}}">
<div class="icon-box">

<!-- {{name}} -->
<svg class="{{#selector.dimensions}}{{#last}}{{#classname}}{{raw}}{{/classname}}{{/last}}{{/selector.dimensions}}">
<use xlink:href="#{{name}}"></use>
</svg>

</div>
<h2>{{name}}</h2>
</li>
Expand All @@ -94,7 +94,7 @@ <h2>{{name}}</h2>
<section>

<!--
B) Inline SVG with external sprite (IE 9-11 with polyfill only)
====================================================================================================
These SVG images make use of an URL + fragment identifiers (IDs) and refer to the regular external
Expand All @@ -104,15 +104,15 @@ <h2>{{name}}</h2>

<h3>B) Inline SVG with external sprite (IE 9-11 with polyfill only)</h3>
{{#inline}}<p>Please set the <code>inline</code> option to <code>FALSE</code> in order to preview this method.</p>{{/inline}}{{^inline}}<ul>

{{#shapes}} <li title="{{name}}">
<div class="icon-box">

<!-- {{name}} -->
<svg class="{{#selector.dimensions}}{{#last}}{{#classname}}{{raw}}{{/classname}}{{/last}}{{/selector.dimensions}}">
<use xlink:href="{{{example}}}#{{name}}"></use>
</svg>

</div>
<h2>{{name}}</h2>
</li>
Expand All @@ -124,7 +124,7 @@ <h2>{{name}}</h2>

</section>
<footer>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank">svg-sprite</a>.</p>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank" rel="noopener noreferrer">svg-sprite</a>.</p>
</footer>
</body>
</html>
26 changes: 13 additions & 13 deletions tmpl/view/sprite.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@
<style>i{text-indent:200%;white-space:nowrap;overflow:hidden;display:inline-block}</style>

<!--
Sprite CSS
====================================================================================================
This is an all-in-one inline version of the CSS necessary to use the SVG sprite.
This is an all-in-one inline version of the CSS necessary to use the SVG sprite.
-->

Expand All @@ -23,9 +23,9 @@
height: {{height.outer}}px;
}
{{/shapes}}</style>

<!--
Sprite shape dimensions
====================================================================================================
If you use the sprite in conjunction with the pre-defined views (respectively fragment identifiers),
Expand Down Expand Up @@ -56,7 +56,7 @@ <h1>SVG <code>&lt;view&gt;</code> sprite preview</h1>
<section>

<!--
A) Conventional CSS sprite
====================================================================================================
This technique uses CSS classes to display portions of the sprite as background image of
Expand All @@ -66,13 +66,13 @@ <h1>SVG <code>&lt;view&gt;</code> sprite preview</h1>

<h3>A) Conventional CSS sprite</h3>
<ul>

{{#shapes}} <li title="{{name}}">
<div class="icon-box">

<!-- {{name}} -->
<i class="{{#selector.shape}}{{#last}}{{#classname}}{{raw}}{{/classname}}{{/last}}{{/selector.shape}}">{{name}}</i>

</div>
<h2>{{name}}</h2>
</li>
Expand All @@ -86,7 +86,7 @@ <h2>{{name}}</h2>
<section>

<!--
B) External sprite with pre-defined views referenced by fragment identifiers
====================================================================================================
These SVG images make use of fragment identifiers (IDs) and are referencing the <view> elements
Expand All @@ -96,13 +96,13 @@ <h2>{{name}}</h2>

<h3>B) External sprite with pre-defined views referenced by fragment identifiers</h3>
<ul>

{{#shapes}} <li title="{{name}}">
<div class="icon-box">

<!-- {{name}} -->
<img src="{{{example}}}#{{name}}" class="{{#selector.shape}}{{#last}}{{#classname}}{{raw}}{{/classname}}-dims{{/last}}{{/selector.shape}}" alt="{{name}}"/>

</div>
<h2>{{name}}</h2>
</li>
Expand All @@ -114,7 +114,7 @@ <h2>{{name}}</h2>

</section>
<footer>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank">svg-sprite</a>.</p>
<p>Generated at {{date}} by <a href="https://github.com/jkphl/svg-sprite" target="_blank" rel="noopener noreferrer">svg-sprite</a>.</p>
</footer>
</body>
</html>

0 comments on commit 304a347

Please sign in to comment.