More secure target blank links
authorChocobozzz <me@florianbigard.com>
Mon, 19 Mar 2018 17:30:28 +0000 (18:30 +0100)
committerChocobozzz <me@florianbigard.com>
Mon, 19 Mar 2018 17:30:28 +0000 (18:30 +0100)
client/src/app/+admin/video-abuses/video-abuse-list/video-abuse-list.component.html
client/src/app/shared/misc/help.component.ts
client/src/app/videos/+video-watch/comment/video-comment.component.html
client/src/app/videos/+video-watch/comment/video-comment.component.ts
client/src/app/videos/+video-watch/video-watch.component.html
client/src/app/videos/shared/markdown.service.ts

index fcbdc614753ae760ba1562067073b57166770178..13a5b1117d510ee9a2349e304da509f42964b56e 100644 (file)
     <tr>
       <td>{{ videoAbuse.reason }}</td>
       <td>
-        <a [href]="videoAbuse.reporterAccount.url" title="Go to the account" target="_blank">
+        <a [href]="videoAbuse.reporterAccount.url" title="Go to the account" target="_blank" rel="noopener noreferrer">
           {{ createByString(videoAbuse.reporterAccount) }}
         </a>
       </td>
       <td>{{ videoAbuse.createdAt }}</td>
       <td>
-        <a [href]="videoAbuse.video.url" title="Go to the video" target="_blank">
+        <a [href]="videoAbuse.video.url" title="Go to the video" target="_blank" rel="noopener noreferrer">
           {{ videoAbuse.video.name }}
         </a>
       </td>
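Review bot: The two anchors gain `rel="noopener noreferrer"` but nothing records why it matters on this page, and the reason is not obvious: `videoAbuse.reporterAccount.url` and `videoAbuse.video.url` presumably point at whatever instance the reporter or video lives on (a remote one for federated abuses — confirm), so `noreferrer` also stops the admin panel URL from leaking to that site via the Referer header, not just `window.opener` from being reachable. A short comment above the first link would keep the next editor from trimming it to `noopener`: `<!-- External/remote URLs: keep rel="noopener noreferrer" so neither window.opener nor the admin page Referer reaches the target -->`.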
index a4a223cd6108d87b047ddfe9c039b8806f8f9989..19ac38b589adcaf3fdc4e43062e1261950fd4751 100644 (file)
@@ -46,7 +46,8 @@ export class HelpComponent implements OnInit {
   }
 
   private formatMarkdownSupport (rules: string[]) {
-    return '<a href="https://en.wikipedia.org/wiki/Markdown#Example" target="_blank">Markdown</a> compatible that supports:' +
+    return '<a href="https://en.wikipedia.org/wiki/Markdown#Example" target="_blank" rel="noopener noreferrer">Markdown</a> ' +
+      'compatible that supports:' +
       this.createMarkdownList(rules)
   }
 
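Review bot: formatMarkdownSupport now returns a raw HTML fragment and the hunk does not say where it is consumed or what `rules` may contain; the markup is presumably bound through `innerHTML` somewhere in HelpComponent (outside this hunk — confirm), and `createMarkdownList(rules)` interpolates the rule strings into that markup. A comment on the method should state that contract so callers do not pass untrusted text through it, e.g. `// Builds an HTML fragment (rendered as HTML by the caller); `rules` must be static, trusted labels — they are not escaped here.` The literal split at `'Markdown</a> ' +` relies on the trailing space inside the first string, which is easy to lose in a later edit; folding the space into the second literal, `'Markdown</a>' + ' compatible that supports:'`, makes it visible. The class continues outside the hunk.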
index 831ea0521a94332c2a9903c5e95c736a4b05a8a2..8a649e88fe63ce80982e6d9fbf49dbf130bd12a5 100644 (file)
@@ -5,7 +5,7 @@
     <div *ngIf="highlightedComment === true" class="highlighted-comment">Highlighted comment</div>
 
     <div class="comment-account-date">
-      <a target="_blank" [href]="comment.account.url" class="comment-account">{{ comment.by }}</a>
+      <a [href]="comment.account.url"  target="_blank" rel="noopener noreferrer" class="comment-account">{{ comment.by }}</a>
       <a [routerLink]="['/videos/watch', video.uuid, { 'threadId': comment.threadId }]" class="comment-date">{{ comment.createdAt | myFromNow }}</a>
     </div>
     <div class="comment-html" [innerHTML]="sanitizedCommentHTML"></div>
index cfcefed830fe184c41b2b7931b6c7189e3236765..26fc9d0b8c3ec9a730baf08bb75976e25f2b6d5a 100644 (file)
@@ -107,7 +107,8 @@ export class VideoCommentComponent implements OnInit, OnChanges {
           return {
             tagName,
             attribs: Object.assign(attribs, {
-              target: '_blank'
+              target: '_blank',
+              rel: 'noopener noreferrer'
             })
           }
         }
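Review bot: `Object.assign(attribs, { ... })` mutates the `attribs` object handed to the transform rather than producing a new one, so the caller's attribute map is modified as a side effect; returning a fresh object keeps the transform pure, `attribs: { ...attribs, target: '_blank', rel: 'noopener noreferrer' }`. Overwriting any author-supplied `rel` unconditionally is the right call here, since a comment author must not be able to keep `opener` access — a one-line comment, `// always override rel: comment authors must not be able to drop noopener`, would make that intent explicit. Whether `rel` survives the sanitizer depends on its allowed-attribute list, which is outside this hunk — worth confirming `rel` is allowed for `a`, otherwise the attribute is silently stripped. The enclosing function starts and ends outside the hunk.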
index 6a7da06140e3669167dd64efbeaba2642c914974..6c7fc08e112bed0f8073532244e049c428b73917 100644 (file)
     <strong>Friendly Reminder:</strong>
     <div class="privacy-concerns-text">
       The sharing system used by this video implies that some technical information about your system (such as a public IP address) can be accessed publicly.
-      <a title="Get more information" target="_blank" href="/about#p2p-privacy">More information</a>
+      <a title="Get more information" target="_blank" rel="noopener noreferrer" href="/about#p2p-privacy">More information</a>
     </div>
 
     <div class="privacy-concerns-okay" (click)="acceptedPrivacyConcern()">
index 9d73efa4640695eed3b9c7d2650f13a87472044e..dd8ff20d83181b635eaf4c2725e9c272b11de6d3 100644 (file)
@@ -52,18 +52,19 @@ export class MarkdownService {
       return self.renderToken(tokens, idx, options)
     }
 
-    markdownIt.renderer.rules.link_open = function (tokens, idx, options, env, self) {
-      // If you are sure other plugins can't add `target` - drop check below
-      const aIndex = tokens[idx].attrIndex('target')
+    markdownIt.renderer.rules.link_open = function (tokens, index, options, env, self) {
+      const token = tokens[index]
 
-      if (aIndex < 0) {
-        tokens[idx].attrPush(['target', '_blank']) // add new attribute
-      } else {
-        tokens[idx].attrs[aIndex][1] = '_blank'    // replace value of existing attr
-      }
+      const targetIndex = token.attrIndex('target')
+      if (targetIndex < 0) token.attrPush([ 'target', '_blank' ])
+      else token.attrs[targetIndex][1] = '_blank'
+
+      const relIndex = token.attrIndex('rel')
+      if (relIndex < 0) token.attrPush([ 'rel', 'noopener noreferrer' ])
+      else token.attrs[relIndex][1] = 'noopener noreferrer'
 
       // pass token to default renderer.
-      return defaultRender(tokens, idx, options, env, self)
+      return defaultRender(tokens, index, options, env, self)
     }
   }