Permalink
Browse files

Tighten link security

  • Loading branch information...
philwareham committed Sep 11, 2018
1 parent 62cd03e commit e739006fdea02083277d1a98ee6954a033c51d32
@@ -85,7 +85,10 @@ function header()
}
$out[] = '<li class="txp-view-site">'.
href(gTxt('tab_view_site'), hu, array('target' => '_blank')).
href(gTxt('tab_view_site'), hu, array(
'rel' => 'noopener',
'target' => '_blank'
)).
'</li>';
$out[] = '</ul>';
@@ -85,6 +85,7 @@ function header()
$out[] = '</nav>';
$out[] = graf(
href(span(htmlspecialchars(get_pref('sitename')), array('class' => 'txp-view-site-name')), hu, array(
'rel' => 'noopener',
'target' => '_blank',
'title' => gTxt('tab_view_site'),
)), array('class' => 'txp-view-site'));
@@ -85,6 +85,7 @@ function header()
$out[] = '</nav>';
$out[] = graf(
href(span(htmlspecialchars(get_pref('sitename')), array('class' => 'txp-view-site-name')), hu, array(
'rel' => 'noopener',
'target' => '_blank',
'title' => gTxt('tab_view_site'),
)), array('class' => 'txp-view-site'));
@@ -1668,6 +1668,7 @@ function article_partial_article_view($rs)
return n.href('<span class="ui-icon ui-icon-notice"></span> '.gTxt('view'), $url, array(
'class' => 'txp-article-view',
'id' => 'article_partial_article_view',
'rel' => 'noopener',
'target' => '_blank',
));
}
@@ -441,6 +441,7 @@ function list_list($message = '', $post = '')
).
td($view_url ?
href($Status, $view_url, join_atts(array(
'rel' => 'noopener',
'target' => '_blank',
'title' => gTxt('view'),
), TEXTPATTERN_STRIP_EMPTY)) : $Status, '', 'txp-list-col-status'
@@ -253,13 +253,13 @@ function log_list($message = '')
extract($a, EXTR_PREFIX_ALL, 'log');
if ($log_refer) {
$log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' target="_blank"');
$log_refer = href(txpspecialchars(soft_wrap(preg_replace('#^http://#', '', $log_refer), 30)), txpspecialchars($log_refer), ' rel="external" target="_blank"');
}
if ($log_page) {
$log_anchor = preg_replace('/\/$/', '', $log_page);
$log_anchor = soft_wrap(substr($log_anchor, 1), 30);
$log_page = href('/'.txpspecialchars($log_anchor), rtrim(hu,'/').txpspecialchars($log_page), ' target="_blank"');
$log_page = href('/'.txpspecialchars($log_anchor), rtrim(hu,'/').txpspecialchars($log_page), ' rel="external" target="_blank"');
if ($log_method == 'POST') {
$log_page = strong($log_page);
@@ -469,7 +469,7 @@ public function asTag($aslink = true, $aspopup = false)
if ($aslink === true) {
return '<a href="'.((empty($this->linkurl)) ? $this->_SRC['file'] : $this->linkurl).'" '.
(($aspopup === true) ? 'target="_blank"' : '').'>'.$imgtag.'</a>';
(($aspopup === true) ? ' rel="noopener" target="_blank"' : '').'>'.$imgtag.'</a>';
}
return $imgtag;

0 comments on commit e739006

Please sign in to comment.