libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-19 14:13:34 +01:00
Code Issues Projects Releases Wiki Activity

null link on plugins and noopener / noreferrer

Browse source 
Resolves a (non) security issue brought up by LGTM but I think the noopener and norefferer are good shouts
This commit is contained in:
John McLear 2021-02-21 19:30:39 +00:00 committed by GitHub
parent 2c763fb4d1
commit 6b6201b448
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/static/js/admin/plugins.js
View file

@ -84,9 +84,10 @@ $(document).ready(() => {
for (const attr in plugin) { for (const attr in plugin) {
if (attr === 'name') { // Hack to rewrite URLS into name if (attr === 'name') { // Hack to rewrite URLS into name
const link = $('<a>'); const link = $('<a href="">'); // intentional null href
link.attr('href', `https://npmjs.org/package/${plugin.name}`); link.attr('href', `https://npmjs.org/package/${plugin.name}`);
link.attr('plugin', 'Plugin details'); link.attr('plugin', 'Plugin details');
link.attr('rel', 'noopener noreferrer');
link.attr('target', '_blank'); link.attr('target', '_blank');
link.text(plugin.name.substr(3)); link.text(plugin.name.substr(3));
row.find('.name').append(link); row.find('.name').append(link);