diff --git a/public/js/extra.js b/public/js/extra.js index d6bbb0c6..7a1077d5 100644 --- a/public/js/extra.js +++ b/public/js/extra.js @@ -570,7 +570,9 @@ export function postProcess (code) { $(value).html(html) }) // link should open in new window or tab - result.find('a:not([href^="#"]):not([target])').attr('target', '_blank') + // also add noopener to prevent clickjacking + // See details: https://mathiasbynens.github.io/rel-noopener/ + result.find('a:not([href^="#"]):not([target])').attr('target', '_blank').attr('rel', 'noopener') // update continue line numbers const linenumberdivs = result.find('.gutter.linenumber').toArray() for (let i = 0; i < linenumberdivs.length; i++) { diff --git a/public/views/codimd/body.ejs b/public/views/codimd/body.ejs index d4f27a93..dc111909 100644 --- a/public/views/codimd/body.ejs +++ b/public/views/codimd/body.ejs @@ -113,7 +113,7 @@
diff --git a/public/views/shared/refresh-modal.ejs b/public/views/shared/refresh-modal.ejs index 5be41b2a..64580545 100644 --- a/public/views/shared/refresh-modal.ejs +++ b/public/views/shared/refresh-modal.ejs @@ -14,7 +14,7 @@