matrix/matrix-react-sdk
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-react-sdk.git synced 2025-11-07 10:46:24 +03:00
Code Activity

add rel='noopener' wherever we do target='_blank' because https://mathiasbynens.github.io/rel-noopener/

Browse Source
This commit is contained in:
Matthew Hodgson
2016-08-15 21:37:26 +01:00
parent a94d415106
commit 2a3b0e85ea
5 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/HtmlUtils.js
View File

@@ -69,7 +69,7 @@ var sanitizeHtmlParams = {
allowedAttributes: {
// custom ones first:
font: [ 'color' ], // custom to matrix
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
a: [ 'href', 'name', 'target', 'rel' ], // remote target: custom to matrix
// We don't currently allow img itself by default, but this
// would make sense if we did
img: [ 'src' ],
@@ -81,7 +81,7 @@ var sanitizeHtmlParams = {
allowedSchemesByTag: {
img: [ 'data' ],
},
transformTags: { // custom to matrix
// add blank targets to all hyperlinks except vector URLs
'a': function(tagName, attribs) {
@@ -92,6 +92,7 @@ var sanitizeHtmlParams = {
else {
attribs.target = '_blank';
}
attribs.rel = 'noopener'; // https://mathiasbynens.github.io/rel-noopener/
return { tagName: tagName, attribs : attribs };
},
},