diff options
author | Jacob Schatz <jschatz@gitlab.com> | 2017-03-15 21:21:48 +0000 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-03-20 18:51:36 -0700 |
commit | c5a9d73ad8a141166d871e551027208014a281c0 (patch) | |
tree | 2c67e06925166205e40c35588732285260bdecdb /app/assets/javascripts | |
parent | 153b594c06c994a8c9b4a92e9c5c33c3cdb4e0e0 (diff) | |
download | gitlab-ce-c5a9d73ad8a141166d871e551027208014a281c0.tar.gz |
Merge branch 'fix-links-target-blank' into 'security'
Adds rel="noopener noreferrer" to all links with target="_blank"
See merge request !2071
Diffstat (limited to 'app/assets/javascripts')
-rw-r--r-- | app/assets/javascripts/environments/components/environment_external_url.js | 1 | ||||
-rw-r--r-- | app/assets/javascripts/merge_request_widget.js | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/app/assets/javascripts/environments/components/environment_external_url.js b/app/assets/javascripts/environments/components/environment_external_url.js index a554998f52c..b4f9eb357fd 100644 --- a/app/assets/javascripts/environments/components/environment_external_url.js +++ b/app/assets/javascripts/environments/components/environment_external_url.js @@ -14,6 +14,7 @@ export default { class="btn external_url" :href="externalUrl" target="_blank" + rel="noopener noreferrer" title="Environment external URL"> <i class="fa fa-external-link" aria-hidden="true"></i> </a> diff --git a/app/assets/javascripts/merge_request_widget.js b/app/assets/javascripts/merge_request_widget.js index 94a4f24f1d7..0e2af3df071 100644 --- a/app/assets/javascripts/merge_request_widget.js +++ b/app/assets/javascripts/merge_request_widget.js @@ -14,13 +14,13 @@ import MiniPipelineGraph from './mini_pipeline_graph_dropdown'; <%= ci_success_icon %> <span> Deployed to - <a href="<%- url %>" target="_blank" class="environment"> + <a href="<%- url %>" target="_blank" rel="noopener noreferrer" class="environment"> <%- name %> </a> <span class="js-environment-timeago" data-toggle="tooltip" data-placement="top" data-title="<%- deployed_at_formatted %>"> <%- deployed_at %> </span> - <a class="js-environment-link" href="<%- external_url %>" target="_blank"> + <a class="js-environment-link" href="<%- external_url %>" target="_blank" rel="noopener noreferrer"> <i class="fa fa-external-link"></i> View on <%- external_url_formatted %> </a> |