From fccf83e1f2ecd4e23f7b1faee5330976d17da7b8 Mon Sep 17 00:00:00 2001
From: BSKY <git@bsky.moe>
Date: Fri, 25 Oct 2019 05:44:42 +0900
Subject: Add noopener and/or noreferrer (#12202)

---
 app/lib/formatter.rb       | 2 +-
 app/lib/sanitize_config.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/lib')

diff --git a/app/lib/formatter.rb b/app/lib/formatter.rb
index 990b9f63ed8..6ba3276141a 100644
--- a/app/lib/formatter.rb
+++ b/app/lib/formatter.rb
@@ -251,7 +251,7 @@ class Formatter
 
   def link_to_url(entity, options = {})
     url        = Addressable::URI.parse(entity[:url])
-    html_attrs = { target: '_blank', rel: 'nofollow noopener' }
+    html_attrs = { target: '_blank', rel: 'nofollow noopener noreferrer' }
 
     html_attrs[:rel] = "me #{html_attrs[:rel]}" if options[:me]
 
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index aba8ce9f615..77045155e03 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -45,7 +45,7 @@ class Sanitize
 
       add_attributes: {
         'a' => {
-          'rel' => 'nofollow noopener',
+          'rel' => 'nofollow noopener noreferrer',
           'target' => '_blank',
         },
       },
-- 
cgit v1.2.3