Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/ noopener is implied by noreferrer https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer The API for window.open() does not seem stable yet https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
author: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
committer: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
commit: 8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree: 5ababee81679d46f7f72d65920170e719fea12d1 /p/scripts
parent: 03211453704e90c85d5da3a9ef0553e49886de59 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/p/scripts/main.js b/p/scripts/main.js
index 8980fe2f6..74631451a 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -752,7 +752,7 @@ function init_stream(divStream) {
 	});
 
 	divStream.on('click', '.flux .content a', function () {
-		$(this).attr('target', '_blank');
+		$(this).attr('target', '_blank').attr('rel', 'noreferrer');
 	});
 
 	if (context.auto_mark_site) {
author	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
committer	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
commit	8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree	5ababee81679d46f7f72d65920170e719fea12d1 /p/scripts
parent	03211453704e90c85d5da3a9ef0553e49886de59 (diff)