From c5a9d73ad8a141166d871e551027208014a281c0 Mon Sep 17 00:00:00 2001
From: Jacob Schatz <jschatz@gitlab.com>
Date: Wed, 15 Mar 2017 21:21:48 +0000
Subject: Merge branch 'fix-links-target-blank' into 'security'

Adds rel="noopener noreferrer" to all links with target="_blank"

See merge request !2071
---
 app/views/profiles/show.html.haml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/views/profiles/show.html.haml')

diff --git a/app/views/profiles/show.html.haml b/app/views/profiles/show.html.haml
index d551754a2e5..c74b3249a13 100644
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@@ -18,7 +18,7 @@
             or change it at #{link_to Gitlab.config.gravatar.host, "http://" + Gitlab.config.gravatar.host}
     .col-lg-9
       .clearfix.avatar-image.append-bottom-default
-        = link_to avatar_icon(@user, 400), target: '_blank' do
+        = link_to avatar_icon(@user, 400), target: '_blank', rel: 'noopener noreferrer' do
           = image_tag avatar_icon(@user, 160), alt: '', class: 'avatar s160'
       %h5.prepend-top-0
         Upload new avatar
-- 
cgit v1.2.1