mirror of
https://github.com/showdownjs/showdown.git
synced 2024-03-22 13:30:55 +08:00
1cd281f064
Add rel="noreferrer" to links when openLinksInNewWindow is on. Also add noopener when openLinksInNewWindow is on. target="_blank" without also adding rel="noopener noreferrer" creates a vulnerability (since the site you're linking to has access to the window.opener by default. This adds rel="noopener noreferrer" to links generated by the makeHtml converter when openLinksInNewWindow is true. Closes #670
2 lines
124 B
HTML
2 lines
124 B
HTML
<p>this is <a href="http://www.google.com" rel="noopener noreferrer" target="_blank">http://www.google.com</a> autolink</p>
|