Lucas Werkmeister (WMDE) has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/355557 )

Change subject: Add rel="noopener" to many target="_blank" links
......................................................................

Add rel="noopener" to many target="_blank" links

Without rel="noopener", the target page has access to the original
window via `window.opener` and can access and modify some properties;
for example, try running this query and clicking the result link:

    SELECT (<https://lucaswerkmeister.de/no-noopener.html> AS ?x) WHERE {}

This commit adds rel="noopener" to many, but not all links with
target="_blank". In general, the attack surface on query.wikidata.org is
small, since there is little to be gained from impersonating the website
(it does not have, for instance, any login information that the user
might enter). Internal links don’t always need rel="noopener", since the
target can be trusted; on the other hand, this commit does add
rel="noopener" to some of them, just for consistency in the HTML with
external links that should have rel="noopener".

Change-Id: I4d5c5d6949222ea2c971395d3155e87f0d1acf36
---
M index.html
M wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
2 files changed, 16 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/gui 
refs/changes/57/355557/1

diff --git a/index.html b/index.html
index ea28bea..e422d70 100644
--- a/index.html
+++ b/index.html
@@ -63,13 +63,13 @@
                                                <li class="dropdown"><a 
class="dropdown-toggle" data-toggle="dropdown" role="button" 
aria-haspopup="true" aria-expanded="false">
                                                        <span class="glyphicon 
glyphicon-cog" aria-hidden="true"></span><span 
data-i18n="wdqs-app-button-tools"></span><span class="caret"></span></a>
                                                        <ul 
class="dropdown-menu">
-                                                               <li><a 
target="_blank" href="https://tools.wmflabs.org/hay/propbrowse/";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Hay's 
Properties Browser</a></li>
-                                                               <li><a 
target="_blank" 
href="https://tools.wmflabs.org/sqid/#/browse?type=properties";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SQID 
Properties Browser</a></li>
-                                                               <li><a 
target="_blank" 
href="https://angryloki.github.io/wikidata-graph-builder/";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Wikidata 
Graph Builder</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://tools.wmflabs.org/hay/propbrowse/";><span class="glyphicon 
glyphicon-new-window" aria-hidden="true"></span> Hay's Properties 
Browser</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://tools.wmflabs.org/sqid/#/browse?type=properties";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SQID 
Properties Browser</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://angryloki.github.io/wikidata-graph-builder/";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Wikidata 
Graph Builder</a></li>
                                                                <li 
role="separator" class="divider"></li>
-                                                               <li><a 
target="_blank" 
href="https://github.com/wikimedia/wikidata-query-rdf/blob/master/docs/exploring-linked-data.md";><span
 class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Exploring 
Linked Data</a></li>
-                                                               <li><a 
target="_blank" href="https://tools.wmflabs.org/wdq2sparql/w2s.php";><span 
class="glyphicon glyphicon-new-window" aria-hidden="true"></span> WDQ Syntax 
Translator</a></li>
-                                                               <li><a 
target="_blank" 
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual#SPARQL_endpoint";><span
 class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SPARQL REST 
Endpoint</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://github.com/wikimedia/wikidata-query-rdf/blob/master/docs/exploring-linked-data.md";><span
 class="glyphicon glyphicon-new-window" aria-hidden="true"></span> Exploring 
Linked Data</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://tools.wmflabs.org/wdq2sparql/w2s.php";><span class="glyphicon 
glyphicon-new-window" aria-hidden="true"></span> WDQ Syntax Translator</a></li>
+                                                               <li><a 
target="_blank" rel="noopener" 
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual#SPARQL_endpoint";><span
 class="glyphicon glyphicon-new-window" aria-hidden="true"></span> SPARQL REST 
Endpoint</a></li>
                                                        </ul>
                                                </li><li>
                                                        <div class="btn-group 
navbar-btn">
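Review bot: The `rel="noopener"` added to these menu links only takes effect in browsers that implement that keyword; a browser that predates it ignores the token and the opened page still receives `window.opener`. Writing `rel="noopener noreferrer"` extends the protection to browsers that honour `noreferrer` but not `noopener`, at the cost of no Referer header being sent to the target. The same applies to the second index.html hunk and to `rel: 'noopener'` in FormatterHelper.js, where it matters most because that link's target comes from query results rather than a fixed list. The commit description says not all `target="_blank"` links are covered, so a short follow-up listing the remaining ones would help reviewers confirm none of them point at untrusted hosts.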
@@ -80,17 +80,17 @@
                                                                        <span 
class="caret"></span>
                                                                </button>
                                                                <ul 
class="dropdown-menu">
-                                                                       <li><a 
target="_blank" 
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/Wikidata_Query_Help";
 data-i18n="wdqs-app-help-portal"></a></li>
-                                                                       <li><a 
target="_blank" 
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual"; 
data-i18n="wdqs-app-help-manual"></a></li>
-                                                                       <li><a 
target="_blank" 
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/queries/examples";
 data-i18n="wdqs-app-help-examples"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/Wikidata_Query_Help";
 data-i18n="wdqs-app-help-portal"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.mediawiki.org/wiki/Wikidata_query_service/User_Manual"; 
data-i18n="wdqs-app-help-manual"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.wikidata.org/wiki/Wikidata:SPARQL_query_service/queries/examples";
 data-i18n="wdqs-app-help-examples"></a></li>
                                                                        <li 
role="separator" class="divider"></li>
-                                                                       <li><a 
target="_blank" href="https://www.w3.org/TR/sparql11-query/";>SPARQL</a></li>
-                                                                       <li><a 
target="_blank" 
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format"; 
data-i18n="wdqs-app-help-datamodel"></a></li>
-                                                                       <li><a 
target="_blank" 
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format#Full_list_of_prefixes";
 data-i18n="wdqs-app-help-prefixes"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.w3.org/TR/sparql11-query/";>SPARQL</a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format"; 
data-i18n="wdqs-app-help-datamodel"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.mediawiki.org/wiki/Wikibase/Indexing/RDF_Dump_Format#Full_list_of_prefixes";
 data-i18n="wdqs-app-help-prefixes"></a></li>
                                                                        <li 
role="separator" class="divider"></li>
-                                                                       <li><a 
target="_blank" href="https://www.wikidata.org/wiki/Wikidata:Request_a_query"; 
data-i18n="wdqs-app-help-request-query"></a></li>
-                                                                       <li><a 
target="_blank" 
href="https://www.mediawiki.org/w/index.php?title=Talk:Wikidata_query_service&action=edit&section=new";
 data-i18n="wdqs-app-help-feedback"></a></li>
-                                                                       <li><a 
target="_blank" href="copyright.html" data-i18n="wdqs-app-help-copy"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.wikidata.org/wiki/Wikidata:Request_a_query"; 
data-i18n="wdqs-app-help-request-query"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" 
href="https://www.mediawiki.org/w/index.php?title=Talk:Wikidata_query_service&action=edit&section=new";
 data-i18n="wdqs-app-help-feedback"></a></li>
+                                                                       <li><a 
target="_blank" rel="noopener" href="copyright.html" 
data-i18n="wdqs-app-help-copy"></a></li>
                                                                </ul>
                                                        </div>
                                                </li>
diff --git a/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js 
b/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
index 355f0a5..3b1a529 100644
--- a/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
+++ b/wikibase/queryService/ui/resultBrowser/helper/FormatterHelper.js
@@ -108,7 +108,7 @@
 
                switch ( data.datatype || data.type ) {
                case TYPE_URI:
-                       var $link = $( '<a>' ).attr( { title: title, href: 
value, target: '_blank' } );
+                       var $link = $( '<a>' ).attr( { title: title, href: 
value, target: '_blank', rel: 'noopener' } );
                        $html.append( $link );
 
                        if ( this.isCommonsResource( value ) ) {
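Review bot: The `href` of `$link` is set directly from `value`, which per the commit description is a URI taken from the query result, and nothing visible in this hunk restricts its scheme. `rel: 'noopener'` keeps the opened page away from `window.opener` but does not constrain what the link itself points to, so it is worth confirming that `value` is limited to the expected schemes (for example `http:` and `https:`) before it reaches `.attr()`. The enclosing function starts and ends outside the hunk, so such a check may already exist. Either way, a comment above the line such as `// href is untrusted query-result data: noopener stops the new tab from reaching window.opener` would record why the attribute is there.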

-- 
To view, visit https://gerrit.wikimedia.org/r/355557
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I4d5c5d6949222ea2c971395d3155e87f0d1acf36
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/gui
Gerrit-Branch: master
Gerrit-Owner: Lucas Werkmeister (WMDE) <lucas.werkmeis...@wikimedia.de>
