diff options
| author | Jacob Schatz <jschatz@gitlab.com> | 2017-03-15 21:21:48 +0000 |
|---|---|---|
| committer | DJ Mountney <david@twkie.net> | 2017-03-20 18:51:36 -0700 |
| commit | c5a9d73ad8a141166d871e551027208014a281c0 (patch) | |
| tree | 2c67e06925166205e40c35588732285260bdecdb /app/views/projects/blob | |
| parent | 153b594c06c994a8c9b4a92e9c5c33c3cdb4e0e0 (diff) | |
| download | gitlab-ce-c5a9d73ad8a141166d871e551027208014a281c0.tar.gz | |
Merge branch 'fix-links-target-blank' into 'security'
Adds rel="noopener noreferrer" to all links with target="_blank"
See merge request !2071
Diffstat (limited to 'app/views/projects/blob')
| -rw-r--r-- | app/views/projects/blob/_image.html.haml | 2 | ||||
| -rw-r--r-- | app/views/projects/blob/_text.html.haml | 2 | ||||
| -rw-r--r-- | app/views/projects/blob/edit.html.haml | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/app/views/projects/blob/_image.html.haml b/app/views/projects/blob/_image.html.haml index f864702d862..ea3cecb86a9 100644 --- a/app/views/projects/blob/_image.html.haml +++ b/app/views/projects/blob/_image.html.haml @@ -9,7 +9,7 @@ - else .nothing-here-block The SVG could not be displayed as it is too large, you can - #{link_to('view the raw file', namespace_project_raw_path(@project.namespace, @project, @id), target: '_blank')} + #{link_to('view the raw file', namespace_project_raw_path(@project.namespace, @project, @id), target: '_blank', rel: 'noopener noreferrer')} instead. - else %img{ src: namespace_project_raw_path(@project.namespace, @project, tree_join(@commit.id, blob.path)), alt: "#{blob.name}" } diff --git a/app/views/projects/blob/_text.html.haml b/app/views/projects/blob/_text.html.haml index b1e1be49de9..7b16d266982 100644 --- a/app/views/projects/blob/_text.html.haml +++ b/app/views/projects/blob/_text.html.haml @@ -3,7 +3,7 @@ .nothing-here-block File too large, you can = succeed '.' do - = link_to 'view the raw file', namespace_project_raw_path(@project.namespace, @project, @id), target: '_blank' + = link_to 'view the raw file', namespace_project_raw_path(@project.namespace, @project, @id), target: '_blank', rel: 'noopener noreferrer' - else - blob.load_all_data!(@repository) diff --git a/app/views/projects/blob/edit.html.haml b/app/views/projects/blob/edit.html.haml index 8853801016b..3bcddcb37f1 100644 --- a/app/views/projects/blob/edit.html.haml +++ b/app/views/projects/blob/edit.html.haml @@ -9,7 +9,7 @@ - if @conflict .alert.alert-danger Someone edited the file the same time you did. Please check out - = link_to "the file", namespace_project_blob_path(@project.namespace, @project, tree_join(@target_branch, @file_path)), target: "_blank" + = link_to "the file", namespace_project_blob_path(@project.namespace, @project, tree_join(@target_branch, @file_path)), target: "_blank", rel: 'noopener noreferrer' and make sure your changes will not unintentionally remove theirs. .file-editor |