changeset 53a4ae64df70 in sao:5.4
details: https://hg.tryton.org/sao?cmd=changeset;node=53a4ae64df70
description:
        Add noreferrer noopener to external URL

        issue9089
        review289401002
        (grafted from ecd678a55935a666e61c429a6acd631f35484b5f)
diffstat:

 CHANGELOG        |  2 ++
 src/common.js    |  3 ++-
 src/view/form.js |  4 +++-
 src/view/tree.js |  8 ++++----
 4 files changed, 11 insertions(+), 6 deletions(-)

diffs (75 lines):

diff -r 5cae92fd55fb -r 53a4ae64df70 CHANGELOG
--- a/CHANGELOG Sat Feb 29 00:53:43 2020 +0100
+++ b/CHANGELOG Mon Mar 09 18:08:24 2020 +0100
@@ -1,3 +1,5 @@
+* Add noreferrer noopener to external URL (issue9089)
+
 Version 5.4.3 - 2020-02-02
 * Bug fixes (see mercurial logs for details)
 
diff -r 5cae92fd55fb -r 53a4ae64df70 src/common.js
--- a/src/common.js     Sat Feb 29 00:53:43 2020 +0100
+++ b/src/common.js     Mon Mar 09 18:08:24 2020 +0100
@@ -3198,7 +3198,8 @@
                     .append(jQuery('<a/>', {
                         'class': 'btn btn-link',
                         href: Sao.config.bug_url,
-                        target: '_blank'
+                        target: '_blank',
+                        rel: 'noreferrer noopener',
                     }).text(Sao.i18n.gettext('Report Bug')))));
             jQuery('<button/>', {
                 'class': 'btn btn-primary',
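Review bot: The pair `target: '_blank'` and `rel: 'noreferrer noopener'` is written out by hand here, in both src/view/form.js hunks and in the first src/view/tree.js hunk, so an external link added later without `rel` would silently undo this fix. Defining the attributes once in common.js and merging them into each `jQuery('<a/>', {...})` call (for example with `jQuery.extend`) would keep the hardening in one place. A short comment at that definition would record why both tokens are set, along the lines of `// noopener: the opened page gets no window.opener handle; noreferrer: no Referer header is sent`. The enclosing function starts and ends outside this hunk.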
diff -r 5cae92fd55fb -r 53a4ae64df70 src/view/form.js
--- a/src/view/form.js  Sat Feb 29 00:53:43 2020 +0100
+++ b/src/view/form.js  Mon Mar 09 18:08:24 2020 +0100
@@ -3876,7 +3876,8 @@
             Sao.View.Form.URL._super.init.call(this, view, attributes);
             this.button = jQuery('<a/>', {
                 'class': 'btn btn-default',
-                'target': '_new'
+                'target': '_blank',
+                'rel': 'noreferrer noopener',
             }).appendTo(jQuery('<span/>', {
                 'class': 'input-group-btn'
             }).appendTo(this.group));
@@ -3958,6 +3959,7 @@
             this.button = jQuery('<a/>', {
                 'class': 'btn btn-lnk',
                 'target': '_blank',
+                'rel': 'noreferrer noopener',
             }).text(attributes.string).appendTo(this.el);
             if (attributes.translate) {
                 var button = jQuery('<button/>', {
diff -r 5cae92fd55fb -r 53a4ae64df70 src/view/tree.js
--- a/src/view/tree.js  Sat Feb 29 00:53:43 2020 +0100
+++ b/src/view/tree.js  Mon Mar 09 18:08:24 2020 +0100
@@ -1820,7 +1820,8 @@
             var cell;
             if (this.protocol) {
                 cell = jQuery('<a/>', {
-                    'target': '_new'
+                    'target': '_blank',
+                    'rel': 'noreferrer noopener',
                 });
                 cell.append(jQuery('<img/>'));
                 cell.click({'cell': cell}, this.clicked.bind(this));
@@ -1861,7 +1862,7 @@
                                 break;
                         }
                     }
-                    cell.attr('src', value);
+                    cell.attr('href', value);
                 }
                 if (this.icon) {
                     if (this.icon in record.model.fields) {
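Review bot: `cell.attr('href', value);` assigns the link target with no check on its scheme, and `rel="noreferrer noopener"` does not cover that case: it shields the opener from the page being opened but does not constrain what the anchor itself points to. `value` is computed above the hunk, so this may already be handled there. If it can carry record data unchanged, the scheme should be compared against the protocols this column is meant to emit before the attribute is set, and the `href` left off otherwise. The enclosing method starts and ends outside this hunk.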
@@ -1901,8 +1902,7 @@
             return cell;
         },
         clicked: function(event) {
-            event.preventDefault();  // prevent edition
-            window.open(event.data.cell.attr('src'), '_blank');
+            event.stopPropagation();  // prevent edition
         }
     });
 
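Review bot: `clicked` no longer reads `event.data`, so the `{'cell': cell}` argument still passed in the first hunk of this file (`cell.click({'cell': cell}, this.clicked.bind(this));`) is dead and can be reduced to `cell.click(this.clicked.bind(this));`. The comment `// prevent edition` would be clearer if it said why the call changed, for example `// keep the row from entering edit mode; the anchor's own navigation must still run`. That also records that `preventDefault()` must not be reintroduced here, since navigation now relies on the anchor's `href`, `target` and `rel`.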
