LupusNobilis
/
sogo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add rel="noopener" to external links 

Fixes #4764
pull/252/head
Francis Lachapelle 2019-06-10 13:19:46 -04:00
parent 3129e149df
commit 0e918a446a
7 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@ -5,6 +5,7 @@ Enhancements
- [web] show calendar names of subscriptions in events blocks
- [web] show hints for mail vacation options (#4462)
- [web] allow to fetch unseen count of all mailboxes (#522, #2776, #4276)
- [web] add rel="noopener" to external links (#4764)
Bug fixes
- [web] fixed wrong translation of custom calendar categories

2
SoObjects/SOGo/NSString+Utilities.m
View File

@ -184,7 +184,7 @@ static int cssEscapingCount;
{
rangePtr->location += offset;
urlText = [selfCopy substringFromRange: *rangePtr];
newUrlText = [NSString stringWithFormat: @"<a href=\"%@%@\">%@</a>",
newUrlText = [NSString stringWithFormat: @"<a rel=\"noopener\" href=\"%@%@\">%@</a>",
([urlText hasPrefix: prefix]? @"" : prefix),
urlText, urlText];
[selfCopy replaceCharactersInRange: *rangePtr

2
UI/MailPartViewers/UIxMailPartHTMLViewer.m
View File

@ -521,6 +521,8 @@ _xmlCharsetForCharset (NSString *charset)
== NSNotFound
&& ![value hasPrefix: @"mailto:"]
&& ![value hasPrefix: @"#"]);
if (!skipAttribute)
[resultPart appendString: @" rel=\"noopener\""];
}
// Avoid: <div style="background:url('http://www.sogo.nu/fileadmin/sogo/logos/sogo.bts.png' ); width: 200px; height: 200px;" title="ssss">
else if ([name isEqualToString: @"style"])

2
UI/Templates/ContactsUI/UIxContactViewTemplate.wox
View File

@ -171,7 +171,7 @@
<div class="pseudo-input-container" ng-repeat="url in editor.card.urls">
<label class="pseudo-input-label"><var:entity const:name="nbsp"/>{{url.type.capitalize() | loc}}</label>
<div class="pseudo-input-field">
<a href="#" target="_new" ng-href="{{url.value}}">{{url.value}}</a>
<a href="#" rel="noopener" target="_new" ng-href="{{url.value}}">{{url.value}}</a>
</div>
</div>
</div>

2
UI/Templates/SchedulerUI/UIxAppointmentViewTemplate.wox
View File

@ -125,7 +125,7 @@
<!-- attach urls -->
<md-list-item ng-show="::(editor.component.attachUrls.length > 0)">
<md-icon>link</md-icon>
<p ng-repeat="url in ::editor.component.attachUrls"><a target="_new" ng-href="{{::url.value}}" ng-bind="::url.value"><!-- link --></a></p>
<p ng-repeat="url in ::editor.component.attachUrls"><a rel="noopener" target="_new" ng-href="{{::url.value}}" ng-bind="::url.value"><!-- link --></a></p>
</md-list-item>
<!-- comment -->
<md-list-item ng-show="::editor.component.comment">

2
UI/Templates/SchedulerUI/UIxTaskViewTemplate.wox
View File

@ -98,7 +98,7 @@
<!-- attach urls -->
<md-list-item ng-repeat="url in ::editor.component.attachUrls">
<md-icon>link</md-icon>
<p><a ng-href="{{::url.value}}" target="_new" ng-bind="::url.value"><!-- link --></a></p>
<p><a ng-href="{{::url.value}}" rel="noopener" target="_new" ng-bind="::url.value"><!-- link --></a></p>
</md-list-item>
<!-- comment -->
<md-list-item ng-show="::editor.component.comment">

2
UI/WebServerResources/js/Common/txt2html.filter.js
View File

@ -14,7 +14,7 @@
function txt2html(linkyFilter) {
return function(text) {
// Linky will first sanitize the text; linefeeds are therefore encoded.
return text ? String(linkyFilter(text, ' _blank')).replace(/&#10;/gm, '<br>') : undefined;
return text ? String(linkyFilter(text, ' _blank', { rel: 'noopener' })).replace(/&#10;/gm, '<br>') : undefined;
};
}