Lucas Werkmeister (WMDE) has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/355557 )
Change subject: Add rel="noopener" to many target="_blank" links
......................................................................
Add rel="noopener" to many target="_blank" links
Without rel="noopener", the target page has access to the original
window via `window.opener` and can access and modify some properties;
for example, try running this query and clicking the result link:
SELECT (<https://lucaswerkmeister.de/no-noopener.html> AS ?x) WHERE {}
This commit adds rel="noopener" to many, but not all links with
target="_blank". In general, the attack surface on query.wikidata.org is
small, since there is little to be gained from impersonating the website
(it does not have, for instance, any login information that the user
might enter). Internal links don’t always need rel="noopener", since the
target can be trusted; on the other hand, this commit does add
rel="noopener" to some of them, just for consistency in the HTML with
external links that should have rel="noopener".
Change-Id: I4d5c5d6949222ea2c971395d3155e87f0d1acf36
---
M index.html
M wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
2 files changed, 16 insertions(+), 16 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/gui
refs/changes/57/355557/1
diff --git a/index.html b/index.html
index ea28bea..e422d70 100644
--- a/index.html
+++ b/index.html
@@ -63,13 +63,13 @@
<li class="dropdown"><a
class="dropdown-toggle" data-toggle="dropdown" role="button"
aria-haspopup="true" aria-expanded="false">
<span class="glyphicon
glyphicon-cog" aria-hidden="true"></span><span
data-i18n="wdqs-app-button-tools"></span><span class="caret"></span></a>
<ul
class="dropdown-menu">
- <li><a
target="_blank" href="https://tools.wmflabs.org/hay/propbrowse/";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Hay's
Properties Browser</a></li>
- <li><a
target="_blank"
href="https://tools.wmflabs.org/sqid/#/browse?type=properties";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SQID
Properties Browser</a></li>
- <li><a
target="_blank"
href="https://angryloki.github.io/wikidata-graph-builder/";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Wikidata
Graph Builder</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://tools.wmflabs.org/hay/propbrowse/";><span class="glyphicon
glyphicon-new-window" aria-hidden="true"></span> Hay's Properties
Browser</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://tools.wmflabs.org/sqid/#/browse?type=properties";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SQID
Properties Browser</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://angryloki.github.io/wikidata-graph-builder/";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Wikidata
Graph Builder</a></li>
<li
role="separator" class="divider"></li>
- <li><a
target="_blank"
href="https://github.com/wikimedia/wikidata-query-rdf/blob/master/docs/exploring-linked-data.md";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Exploring
Linked Data</a></li>
- <li><a
target="_blank" href="https://tools.wmflabs.org/wdq2sparql/w2s.php";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> WDQ Syntax
Translator</a></li>
- <li><a
target="_blank"
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual#SPARQL_endpoint";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SPARQL REST
Endpoint</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://github.com/wikimedia/wikidata-query-rdf/blob/master/docs/exploring-linked-data.md";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Exploring
Linked Data</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://tools.wmflabs.org/wdq2sparql/w2s.php";><span class="glyphicon
glyphicon-new-window" aria-hidden="true"></span> WDQ Syntax Translator</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual#SPARQL_endpoint";><span
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SPARQL REST
Endpoint</a></li>
</ul>
</li><li>
<div class="btn-group
navbar-btn">
@@ -80,17 +80,17 @@
<span
class="caret"></span>
</button>
<ul
class="dropdown-menu">
- <li><a
target="_blank"
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/Wikidata_Query_Help";
data-i18n="wdqs-app-help-portal"></a></li>
- <li><a
target="_blank"
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual";
data-i18n="wdqs-app-help-manual"></a></li>
- <li><a
target="_blank"
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/queries/examples";
data-i18n="wdqs-app-help-examples"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/Wikidata_Query_Help";
data-i18n="wdqs-app-help-portal"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual";
data-i18n="wdqs-app-help-manual"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/queries/examples";
data-i18n="wdqs-app-help-examples"></a></li>
<li
role="separator" class="divider"></li>
- <li><a
target="_blank" href="https://www.w3.org/TR/sparql11-query/";>SPARQL</a></li>
- <li><a
target="_blank"
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format";
data-i18n="wdqs-app-help-datamodel"></a></li>
- <li><a
target="_blank"
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format#Full_list_of_prefixes";
data-i18n="wdqs-app-help-prefixes"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.w3.org/TR/sparql11-query/";>SPARQL</a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format";
data-i18n="wdqs-app-help-datamodel"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format#Full_list_of_prefixes";
data-i18n="wdqs-app-help-prefixes"></a></li>
<li
role="separator" class="divider"></li>
- <li><a
target="_blank" href="https://www.wikidata.org/wiki/Wikidata:Request_a_query";
data-i18n="wdqs-app-help-request-query"></a></li>
- <li><a
target="_blank"
href="https://www.mediawiki.org/w/index.php?title=Talk:Wikidata_query_service&action=edit§ion=new";
data-i18n="wdqs-app-help-feedback"></a></li>
- <li><a
target="_blank" href="copyright.html" data-i18n="wdqs-app-help-copy"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.wikidata.org/wiki/Wikidata:Request_a_query";
data-i18n="wdqs-app-help-request-query"></a></li>
+ <li><a
target="_blank" rel="noopener"
href="https://www.mediawiki.org/w/index.php?title=Talk:Wikidata_query_service&action=edit§ion=new";
data-i18n="wdqs-app-help-feedback"></a></li>
+ <li><a
target="_blank" rel="noopener" href="copyright.html"
data-i18n="wdqs-app-help-copy"></a></li>
</ul>
</div>
</li>
diff --git a/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
b/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
index 355f0a5..3b1a529 100644
--- a/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
+++ b/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
@@ -108,7 +108,7 @@
switch ( data.datatype || data.type ) {
case TYPE_URI:
- var $link = $( '<a>' ).attr( { title: title, href:
value, target: '_blank' } );
+ var $link = $( '<a>' ).attr( { title: title, href:
value, target: '_blank', rel: 'noopener' } );
$html.append( $link );
if ( this.isCommonsResource( value ) ) {
--
To view, visit https://gerrit.wikimedia.org/r/355557
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4d5c5d6949222ea2c971395d3155e87f0d1acf36
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/gui
Gerrit-Branch: master
Gerrit-Owner: Lucas Werkmeister (WMDE) <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
