improve lighthouse best practices audit (#863)

* improve safety of cross origin links

* add additional safety for cross origin links

* remove duplicates

diff --git a/ui/src/components/comment-form.tsx b/ui/src/components/comment-form.tsx
index 45974cc072dcb7e5d382be66067123bcf248f5c7..72a604b9f62412774592fa239a898ebd7badb8ca 100644 (file)
--- a/ui/src/components/comment-form.tsx
+++ b/ui/src/components/comment-form.tsx
@@ -185,6 +185,7 @@ export class CommentForm extends Component<CommentFormProps, CommentFormState> {
                 target="_blank"
                 class="d-inline-block float-right text-muted font-weight-bold"
                 title={i18n.t('formatting_help')}
+                rel="noopener"
               >
                 <svg class="icon icon-inline">
                   <use xlinkHref="#icon-help-circle"></use>

diff --git a/ui/src/components/community.tsx b/ui/src/components/community.tsx
index 373d8f807fefd902b5bacdc75ce6d4f2a1efddbf..c193532b08b9ef64610591ee37e14d04c61d3597 100644 (file)
--- a/ui/src/components/community.tsx
+++ b/ui/src/components/community.tsx
@@ -217,6 +217,7 @@ export class Community extends Component<any, State> {
           }`}
           target="_blank"
           title="RSS"
+          rel="noopener"
         >
           <svg class="icon text-muted small">
             <use xlinkHref="#icon-rss">#</use>

diff --git a/ui/src/components/iframely-card.tsx b/ui/src/components/iframely-card.tsx
index 3a89023f5061a61ac18743ae79ac843a55a1d9da..0d3f43f69bdba13253a737153a94541487cf5b73 100644 (file)
--- a/ui/src/components/iframely-card.tsx
+++ b/ui/src/components/iframely-card.tsx
@@ -44,7 +44,12 @@ export class IFramelyCard extends Component<
                       </span>
                     ) : (
                       <span>
-                        <a class="text-body" target="_blank" href={post.url}>
+                        <a
+                          class="text-body"
+                          target="_blank"
+                          href={post.url}
+                          rel="noopener"
+                        >
                           {post.embed_title}
                         </a>
                       </span>
@@ -55,6 +60,7 @@ export class IFramelyCard extends Component<
                       class="text-muted font-italic"
                       target="_blank"
                       href={post.url}
+                      rel="noopener"
                     >
                       {new URL(post.url).hostname}
                       <svg class="ml-1 icon">

diff --git a/ui/src/components/inbox.tsx b/ui/src/components/inbox.tsx
index edbacd518c5ffff473d86a30ae470f48f0eda9dd..3b963a79f279c78f373e36a8d270d31296243569 100644 (file)
--- a/ui/src/components/inbox.tsx
+++ b/ui/src/components/inbox.tsx
@@ -109,6 +109,7 @@ export class Inbox extends Component<any, InboxState> {
                   href={`/feeds/inbox/${UserService.Instance.auth}.xml`}
                   target="_blank"
                   title="RSS"
+                  rel="noopener"
                 >
                   <svg class="icon ml-2 text-muted small">
                     <use xlinkHref="#icon-rss">#</use>

diff --git a/ui/src/components/main.tsx b/ui/src/components/main.tsx
index c168feb0c4570e09c5b93696105eb91e9d26a5fd..4e04fe48cbc679dea150db965ee2670dbf05fb9b 100644 (file)
--- a/ui/src/components/main.tsx
+++ b/ui/src/components/main.tsx
@@ -452,6 +452,7 @@ export class Main extends Component<any, MainState> {
           <a
             href={`/feeds/all.xml?sort=${SortType[this.state.sort]}`}
             target="_blank"
+            rel="noopener"
             title="RSS"
           >
             <svg class="icon text-muted small">
@@ -467,6 +468,7 @@ export class Main extends Component<any, MainState> {
               }`}
               target="_blank"
               title="RSS"
+              rel="noopener"
             >
               <svg class="icon text-muted small">
                 <use xlinkHref="#icon-rss">#</use>

diff --git a/ui/src/components/post-form.tsx b/ui/src/components/post-form.tsx
index 9f5aa363e63726d0566c00acd6407033b70be185..fdf6ebe476d0935b0fad3ba048f1d4ecf295f681 100644 (file)
--- a/ui/src/components/post-form.tsx
+++ b/ui/src/components/post-form.tsx
@@ -222,6 +222,7 @@ export class PostForm extends Component<PostFormProps, PostFormState> {
                   )}`}
                   target="_blank"
                   class="mr-2 d-inline-block float-right text-muted small font-weight-bold"
+                  rel="noopener"
                 >
                   {i18n.t('archive_link')}
                 </a>
@@ -302,6 +303,7 @@ export class PostForm extends Component<PostFormProps, PostFormState> {
               <a
                 href={markdownHelpUrl}
                 target="_blank"
+                rel="noopener"
                 class="d-inline-block float-right text-muted font-weight-bold"
                 title={i18n.t('formatting_help')}
               >

diff --git a/ui/src/components/post-listing.tsx b/ui/src/components/post-listing.tsx
index b4cc4f928298e82549fc8f395c66fdea751aa6d3..3d6088427e8dd90f4141d1f32ce1ee68173a6439 100644 (file)
--- a/ui/src/components/post-listing.tsx
+++ b/ui/src/components/post-listing.tsx
@@ -197,6 +197,7 @@ export class PostListing extends Component<PostListingProps, PostListingState> {
           className="text-body"
           href={post.url}
           target="_blank"
+          rel="noopener"
           title={post.url}
         >
           {this.imgThumb(this.getImage(true))}
@@ -227,6 +228,7 @@ export class PostListing extends Component<PostListingProps, PostListingState> {
             href={post.url}
             target="_blank"
             title={post.url}
+            rel="noopener"
           >
             <svg class="icon thumbnail">
               <use xlinkHref="#icon-external-link"></use>
@@ -303,6 +305,7 @@ export class PostListing extends Component<PostListingProps, PostListingState> {
                       href={post.url}
                       target="_blank"
                       title={post.url}
+                      rel="noopener"
                     >
                       {post.name}
                     </a>
@@ -323,6 +326,7 @@ export class PostListing extends Component<PostListingProps, PostListingState> {
                       href={post.url}
                       target="_blank"
                       title={post.url}
+                      rel="noopener"
                     >
                       {hostname(post.url)}
                       <svg class="ml-1 icon icon-inline">

diff --git a/ui/src/components/private-message-form.tsx b/ui/src/components/private-message-form.tsx
index 8cb7590e615c4ebf377964a9f1736e1cd78df03d..1078236150f78eac6d935e7fa4f6ece0f5c6d737 100644 (file)
--- a/ui/src/components/private-message-form.tsx
+++ b/ui/src/components/private-message-form.tsx
@@ -175,6 +175,7 @@ export class PrivateMessageForm extends Component<
                     <a
                       class="alert-link"
                       target="_blank"
+                      rel="noopener"
                       href="https://about.riot.im/"
                     >
                       #
@@ -236,6 +237,7 @@ export class PrivateMessageForm extends Component<
                   <a
                     href={markdownHelpUrl}
                     target="_blank"
+                    rel="noopener"
                     class="text-muted"
                     title={i18n.t('formatting_help')}
                   >

diff --git a/ui/src/components/sort-select.tsx b/ui/src/components/sort-select.tsx
index a6ce2ea9804b6437fac7d785b7f333cc2c1a459d..05abdb20afeccb5f812c9e1e85a4cc8cd596fc41 100644 (file)
--- a/ui/src/components/sort-select.tsx
+++ b/ui/src/components/sort-select.tsx
@@ -47,6 +47,7 @@ export class SortSelect extends Component<SortSelectProps, SortSelectState> {
           className="text-muted"
           href={sortingHelpUrl}
           target="_blank"
+          rel="noopener"
           title={i18n.t('sorting_help')}
         >
           <svg class={`icon icon-inline`}>

diff --git a/ui/src/components/sponsors.tsx b/ui/src/components/sponsors.tsx
index 7e5eed642a9e64dac1588a2d95e89103b9f30a4e..06e135248639aa8057b04ae7ec7c417ffa4c6c81 100644 (file)
--- a/ui/src/components/sponsors.tsx
+++ b/ui/src/components/sponsors.tsx
@@ -89,7 +89,7 @@ export class Sponsors extends Component<any, any> {
           {silver.map(s => (
             <div class="card col-12 col-md-2">
               <div>
-                <a href={s.link} target="_blank">
+                <a href={s.link} target="_blank" rel="noopener">
                   💎 {s.name}
                 </a>
               </div>

diff --git a/ui/src/components/user.tsx b/ui/src/components/user.tsx
index f635a1cd0b1d8eb48582b62f9c06fdb7234a0bb7..69914fd3981634e3ad483f69acf7219b8ff6eff5 100644 (file)
--- a/ui/src/components/user.tsx
+++ b/ui/src/components/user.tsx
@@ -317,6 +317,7 @@ export class User extends Component<any, UserState> {
             SortType[this.state.sort]
           }`}
           target="_blank"
+          rel="noopener"
           title="RSS"
         >
           <svg class="icon mx-2 text-muted small">
@@ -463,6 +464,7 @@ export class User extends Component<any, UserState> {
                     !this.state.user.matrix_user_id && 'disabled'
                   }`}
                   target="_blank"
+                  rel="noopener"
                   href={`https://matrix.to/#/${this.state.user.matrix_user_id}`}
                 >
                   {i18n.t('send_secure_message')}
@@ -586,7 +588,11 @@ export class User extends Component<any, UserState> {
               </div>
               <div class="form-group row">
                 <label class="col-lg-5 col-form-label">
-                  <a href="https://about.riot.im/" target="_blank">
+                  <a
+                    href="https://about.riot.im/"
+                    target="_blank"
+                    rel="noopener"
+                  >
                     {i18n.t('matrix_user_id')}
                   </a>
                 </label>