Merge pull request #136 from open-qhm/feature/135

Add rel=noopener to <a> with target=_blank
open-qhm · Jan 26, 2020 · 83bf00c · 83bf00c
2 parents 2d93bf4 + c2dce5f
commit 83bf00c
Show file tree

Hide file tree

Showing 15 changed files with 252 additions and 221 deletions.
diff --git a/js/jquery.socialbutton-1.9.1.js b/js/jquery.socialbutton-1.9.1.js
@@ -691,8 +691,8 @@ function socialbutton_hatena_oldstyle(target, options, defaults, index, max_inde
 	url = htmlspecialchars(url);
 
 	var tag = '<span style="font-size: ' + height + 'px; line-height: 100%; ">'
-			+ '<span style="padding-right: ' + padding + 'px"><a href="http://b.hatena.ne.jp/entry/add/' + url + '" target="_blank"><img src="' + button + '" style="border: none; vertical-align: text-bottom" /></a></span>'
-			+ '<a href="http://b.hatena.ne.jp/entry/' + url + '" target="_blank"><img src="http://b.hatena.ne.jp/entry/image/' + url + '" style="border: none; vertical-align: text-bottom" /></a>'
+			+ '<span style="padding-right: ' + padding + 'px"><a href="http://b.hatena.ne.jp/entry/add/' + url + '" target="_blank" rel="noopener"><img src="' + button + '" style="border: none; vertical-align: text-bottom" /></a></span>'
+			+ '<a href="http://b.hatena.ne.jp/entry/' + url + '" target="_blank" rel="noopener"><img src="http://b.hatena.ne.jp/entry/image/' + url + '" style="border: none; vertical-align: text-bottom" /></a>'
 			+ '</span>';
 
 	$(target).html(tag);

diff --git a/js/mediaelementplayer/mediaelement-and-player.js b/js/mediaelementplayer/mediaelement-and-player.js
@@ -4959,7 +4959,7 @@ if (typeof jQuery != 'undefined') {
 							text = text + '\n' + lines[i];
 							i++;
 						}
-						text = $.trim(text).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank'>$1</a>");
+						text = $.trim(text).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank' rel='noopener'>$1</a>");
 						// Text is in a different array so I can use .join
 						entries.text.push(text);
 						entries.times.push(
@@ -5021,7 +5021,7 @@ if (typeof jQuery != 'undefined') {
 					if (style) _temp_times.style = style;
 					if (_temp_times.start === 0) _temp_times.start = 0.200;
 					entries.times.push(_temp_times);
-					text = $.trim(lines.eq(i).html()).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank'>$1</a>");
+					text = $.trim(lines.eq(i).html()).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank' rel='noopener'>$1</a>");
 					entries.text.push(text);
 					if (entries.times.start === 0) entries.times.start = 2;
 				}

diff --git a/js/mediaelementplayer/mediaelement-and-player.min.js b/js/mediaelementplayer/mediaelement-and-player.min.js
diff --git a/js/mediaelementplayer/mediaelementplayer.js b/js/mediaelementplayer/mediaelementplayer.js
@@ -2997,7 +2997,7 @@ if (typeof jQuery != 'undefined') {
 							text = text + '\n' + lines[i];
 							i++;
 						}
-						text = $.trim(text).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank'>$1</a>");
+						text = $.trim(text).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank' rel='noopener'>$1</a>");
 						// Text is in a different array so I can use .join
 						entries.text.push(text);
 						entries.times.push(
@@ -3059,7 +3059,7 @@ if (typeof jQuery != 'undefined') {
 					if (style) _temp_times.style = style;
 					if (_temp_times.start === 0) _temp_times.start = 0.200;
 					entries.times.push(_temp_times);
-					text = $.trim(lines.eq(i).html()).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank'>$1</a>");
+					text = $.trim(lines.eq(i).html()).replace(/(\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/ig, "<a href='$1' target='_blank' rel='noopener'>$1</a>");
 					entries.text.push(text);
 					if (entries.times.start === 0) entries.times.start = 2;
 				}

diff --git a/js/mediaelementplayer/mediaelementplayer.min.js b/js/mediaelementplayer/mediaelementplayer.min.js
diff --git a/lib/init.php b/lib/init.php
@@ -11,7 +11,7 @@
 // PukiWiki version / Copyright / Licence
 
 define('S_VERSION', '1.4.7');
-define('QHM_VERSION', '7.3.4');  //絶対に編集しないで下さい
+define('QHM_VERSION', '7.3.5');  //絶対に編集しないで下さい
 define('QHM_OPTIONS', 'update=download; support=false; banner=true');
 define('S_COPYRIGHT',
 	'powered by <strong><a href="https://haik-cms.jp/">HAIK</a> ' . QHM_VERSION . '</strong><br />' .

diff --git a/lib/qhm_init.php b/lib/qhm_init.php
@@ -656,7 +656,7 @@
         <textarea cols="90" rows="3" class="form-control">'. h($tweettext) .'</textarea>
 		<ol class="help-block">
 			<li><span class="small">内容を編集して投稿できます。<br /><b>%URL%</b> と書くとURLに自動変換されます。</span></li>
-			<li><a href="'. $tweeturl .'" class="shareTwitter btn qhm-btn-primary qhm-btn-sm" data-format="'. h($tweeturl_fmt) .'" data-url="'. h($_go_url) .'" target="_blank">クリックしてTwitterへ投稿</a></li>
+			<li><a href="'. $tweeturl .'" class="shareTwitter btn qhm-btn-primary qhm-btn-sm" data-format="'. h($tweeturl_fmt) .'" data-url="'. h($_go_url) .'" target="_blank" rel="noopener">クリックしてTwitterへ投稿</a></li>
 		</ol>
       </div>
     </div>
@@ -667,7 +667,7 @@
 
         <ol class="help-block">
           <li>短縮URLをコピーする。</li>
-          <li><a href="http://www.facebook.com/" class="btn qhm-btn-primary qhm-btn-sm" target="_blank">ここをクリックして、Facebook を開いて投稿</a></li>
+          <li><a href="http://www.facebook.com/" class="btn qhm-btn-primary qhm-btn-sm" target="_blank" rel="noopener">ここをクリックして、Facebook を開いて投稿</a></li>
         </ol>
       </div>
     </div>

diff --git a/plugin/canonical.inc.php b/plugin/canonical.inc.php
@@ -68,7 +68,7 @@ function plugin_canonical_show_info()
 <div style="border:solid 1px #00e;background-color:#eef;max-width:80%;width:80%;text-align:left;padding:0 1.5em;margin:1em auto;">
   <p>
     <strong>このページは canonical URL が指定されています。</strong><br>
-    <a href="'.h($qt->getv('canonical_url')).'" target="_blank">確認</a>
+    <a href="'.h($qt->getv('canonical_url')).'" target="_blank" rel="noopener">確認</a>
   </p>
 </div>';
         }
@@ -82,7 +82,7 @@ function plugin_canonical_show_info()
   </button>
 
   <strong>このページは canonical URL が指定されています。</strong><br>
-  <a href="'.h($qt->getv('canonical_url')).'" target="_blank" class="btn btn-info">確認</a>
+  <a href="'.h($qt->getv('canonical_url')).'" target="_blank" rel="noopener" class="btn btn-info">確認</a>
 </div>';
         }
     }

diff --git a/plugin/convert_haik.inc.php b/plugin/convert_haik.inc.php
@@ -114,7 +114,7 @@ function plugin_convert_haik_action()
 </div>
 
 <div class="alert alert-warning">
-  icon プラグインは IcoMoon から <a href="http://getbootstrap.com/components/#glyphicons" title="Bootstrap glyphicons" target="_blank">glyphicon</a>, <a href="http://fortawesome.github.io/Font-Awesome/cheatsheet/" title="FontAwesome Cheatsheat" target="_blank">font-awesome</a> に変更されました。<br>
+  icon プラグインは IcoMoon から <a href="http://getbootstrap.com/components/#glyphicons" title="Bootstrap glyphicons" target="_blank" rel="noopener">glyphicon</a>, <a href="http://fortawesome.github.io/Font-Awesome/cheatsheet/" title="FontAwesome Cheatsheat" target="_blank" rel="noopener">font-awesome</a> に変更されました。<br>
   指定したアイコン名によっては表示されなくなる場合があります。
 </div>
 

diff --git a/plugin/fb_root.inc.php b/plugin/fb_root.inc.php
@@ -132,7 +132,7 @@ function plugin_fb_root_set_page_js()
 function FB_init_callback() {
 	FB.Canvas.setAutoGrow();
 	//link mod
-	$("#body a:not([href^=#])").attr("target", "_blank")
+	$("#body a:not([href^=#])").attr("target", "_blank").attr("rel", "noopener")
 		.filter("[href*=\'facebook.com\']:not([href*=\'developers.facebook.com\'])").attr("target", "_parent");
 	$("form").append(\'<input type="hidden" name="signed_request" value="'.h($vars['signed_request']).'" /> \');
 }