Fix and enforce `noopener noreferrer` on `target=_blank`
See https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/ Also prefer `rel` to `referrerpolicy` since it is much better supported: https://developer.mozilla.org/en-US/docs/Web/API/HTMLAnchorElement/rel https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy Closes #12767
parent
9eb7ce7551
commit
92875a13ce
|
@ -40,7 +40,6 @@
|
|||
"react/jsx-indent-props": "off",
|
||||
"react/jsx-key": "off",
|
||||
"react/jsx-handler-names": "off",
|
||||
"react/jsx-no-target-blank": "off",
|
||||
"react/jsx-closing-bracket-location": "off",
|
||||
"react/jsx-closing-tag-location": "off",
|
||||
"react/jsx-curly-newline": "off",
|
||||
|
|
|
@ -63,7 +63,7 @@ export class Application extends React.Component {
|
|||
return urls.map(url => {
|
||||
if (url.type == 'homepage') {
|
||||
return (<div className="app-links" key={url.link}>
|
||||
<a href={url.link} target="_blank" rel="noopener" data-linkedhost={url.link}>
|
||||
<a href={url.link} target="_blank" rel="noopener noreferrer" data-linkedhost={url.link}>
|
||||
View Project Website <i className="fa fa-external-link" aria-hidden="true" />
|
||||
</a>
|
||||
</div>);
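Review bot: `href={url.link}` on the changed anchor is passed through without a scheme check, and `rel="noopener noreferrer"` only protects the opening page; it does nothing about a `javascript:` or other non-web URL. Where `urls` comes from is not visible in the hunk, so this matters only if the links originate in application or package metadata rather than in the code itself. If they do, render the anchor only when `new URL(url.link).protocol` is `http:` or `https:`, and show plain text otherwise. The `href={url}` anchors in the UpdateItem hunks take their values from `info.bug_urls`, `info.cve_urls` and `info.vendor_urls` and would need the same check. The surrounding `urls.map` callback starts and ends outside the hunk.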
|
||||
|
|
|
@ -223,7 +223,7 @@ class UpdateItem extends React.Component {
|
|||
if (info.bug_urls && info.bug_urls.length) {
|
||||
// we assume a bug URL ends with a number; if not, show the complete URL
|
||||
bugs = insertCommas(info.bug_urls.map(url => (
|
||||
<a key={url} rel="noopener" referrerPolicy="no-referrer" target="_blank" href={url}>
|
||||
<a key={url} rel="noopener noreferrer" target="_blank" href={url}>
|
||||
{url.match(/[0-9]+$/) || url}
|
||||
</a>)
|
||||
));
|
||||
|
@ -232,7 +232,7 @@ class UpdateItem extends React.Component {
|
|||
var cves = null;
|
||||
if (info.cve_urls && info.cve_urls.length) {
|
||||
cves = insertCommas(info.cve_urls.map(url => (
|
||||
<a key={url} href={url} rel="noopener" referrerPolicy="no-referrer" target="_blank">
|
||||
<a key={url} href={url} rel="noopener noreferrer" target="_blank">
|
||||
{url.match(/[^/=]+$/)}
|
||||
</a>)
|
||||
));
|
||||
|
@ -241,7 +241,7 @@ class UpdateItem extends React.Component {
|
|||
var errata = null;
|
||||
if (info.vendor_urls) {
|
||||
errata = insertCommas(info.vendor_urls.filter(url => url.indexOf("/errata/") > 0).map(url => (
|
||||
<a key={url} href={url} rel="noopener" referrerPolicy="no-referrer" target="_blank">
|
||||
<a key={url} href={url} rel="noopener noreferrer" target="_blank">
|
||||
{url.match(/[^/=]+$/)}
|
||||
</a>)
|
||||
));
|
||||
|
@ -255,7 +255,7 @@ class UpdateItem extends React.Component {
|
|||
var type;
|
||||
if (info.severity === PK.Enum.INFO_SECURITY) {
|
||||
if (secSeverityURL)
|
||||
secSeverityURL = <a rel="noopener" referrerPolicy="no-referrer" target="_blank" href={secSeverityURL}>{secSeverity}</a>;
|
||||
secSeverityURL = <a rel="noopener noreferrer" target="_blank" href={secSeverityURL}>{secSeverity}</a>;
|
||||
type = (
|
||||
<>
|
||||
<OverlayTrigger overlay={ <Tooltip id="tip-severity">{ secSeverity || _("security") }</Tooltip> } placement="top">
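Review bot: The link label in the `cve_urls` and `vendor_urls` hunks is `{url.match(/[^/=]+$/)}` with no fallback, so a URL ending in `/` or `=` yields `null` and the anchor renders with no visible text. The `bug_urls` hunk already falls back to the full URL, and the same would work here: `{url.match(/[^/=]+$/) || url}`. Showing the full URL in that case also lets the reader see where the link leads before opening it. The enclosing method of UpdateItem starts and ends outside these hunks.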
|
||||
|
|