[MediaWiki-commits] [Gerrit] VisualEditor/VisualEditor[master]: Use rel="noopener" on links targeted at new windows

Wed, 06 Dec 2017 03:11:26 -0800 

jenkins-bot has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/394373 )

Change subject: Use rel="noopener" on links targeted at new windows
......................................................................


Use rel="noopener" on links targeted at new windows

Bug: T180932
Change-Id: I9b7e32bf110e9a1b96b057242121b59b4c9c9513
---
M src/ui/contextitems/ve.ui.LinkContextItem.js
M src/ve.utils.js
M tests/ui/ve.ui.DiffElement.test.js
3 files changed, 26 insertions(+), 3 deletions(-)

Approvals:
  Esanders: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/src/ui/contextitems/ve.ui.LinkContextItem.js 
b/src/ui/contextitems/ve.ui.LinkContextItem.js
index ffc3c06..3fb1c51 100644
--- a/src/ui/contextitems/ve.ui.LinkContextItem.js
+++ b/src/ui/contextitems/ve.ui.LinkContextItem.js
@@ -61,7 +61,8 @@
                        .text( this.getDescription() )
                        .attr( {
                                href: ve.resolveUrl( this.model.getHref(), 
htmlDoc ),
-                               target: '_blank'
+                               target: '_blank',
+                               rel: 'noopener'
                        } )
        );
 };
diff --git a/src/ve.utils.js b/src/ve.utils.js
index 72eb3dc..d094d25 100644
--- a/src/ve.utils.js
+++ b/src/ve.utils.js
@@ -1043,11 +1043,33 @@
 ve.targetLinksToNewWindow = function ( container ) {
        // Make all links open in a new window
        Array.prototype.forEach.call( container.querySelectorAll( 'a[href]' ), 
function ( el ) {
+               ve.appendToRel( el, 'noopener' );
                el.setAttribute( 'target', '_blank' );
        } );
 };
 
 /**
+ * Add a value to an element's rel attribute if it's not already present
+ *
+ * Rel is like class: it's actually a set, represented as a string. We don't
+ * want to add the same value to the attribute if this function is called
+ * repeatedly. This is mostly a placeholder for the relList property someday
+ * becoming widely supported.
+ *
+ * @param  {HTMLElement} element DOM element whose attribute should be checked
+ * @param  {string} value New rel value to be added
+ */
+ve.appendToRel = function ( element, value ) {
+       var rel = element.getAttribute( 'rel' );
+       if ( !rel ) {
+               // Avoid all that string-creation if it's not needed
+               element.setAttribute( 'rel', value );
+       } else if ( ( ' ' + rel + ' ' ).indexOf( ' ' + value + ' ' ) === -1 ) {
+               element.setAttribute( 'rel', rel + ' ' + value );
+       }
+};
+
+/**
  * Check if a string is a valid URI component.
  *
  * A URI component is considered invalid if decodeURIComponent() throws an 
exception.
diff --git a/tests/ui/ve.ui.DiffElement.test.js 
b/tests/ui/ve.ui.DiffElement.test.js
index d8983a3..624888f 100644
--- a/tests/ui/ve.ui.DiffElement.test.js
+++ b/tests/ui/ve.ui.DiffElement.test.js
@@ -375,7 +375,7 @@
                                newDoc: '<p>foo <a 
href="http://example.org/whee";>bar</a> baz</p>',
                                expected:
                                        '<div 
class="ve-ui-diffElement-doc-child-change">' +
-                                               '<p>foo <span 
data-diff-action="change-remove"><a href="http://example.org/quuz"; 
target="_blank">bar</a></span><span data-diff-action="change-insert" 
data-diff-id="0"><a href="http://example.org/whee"; 
target="_blank">bar</a></span> baz</p>' +
+                                               '<p>foo <span 
data-diff-action="change-remove"><a href="http://example.org/quuz"; 
rel="noopener" target="_blank">bar</a></span><span 
data-diff-action="change-insert" data-diff-id="0"><a 
href="http://example.org/whee"; rel="noopener" target="_blank">bar</a></span> 
baz</p>' +
                                        '</div>'
                        },
                        {
@@ -384,7 +384,7 @@
                                newDoc: '<p><a href="http://example.org/";>foo 
<b>bar</b> baz</a></p>',
                                expected:
                                        '<div 
class="ve-ui-diffElement-doc-child-change">' +
-                                               '<p><a 
href="http://example.org/"; target="_blank">foo <del 
data-diff-action="remove">bar</del><ins 
data-diff-action="insert"><b>bar</b></ins> baz</a></p>' +
+                                               '<p><a 
href="http://example.org/"; rel="noopener" target="_blank">foo <del 
data-diff-action="remove">bar</del><ins 
data-diff-action="insert"><b>bar</b></ins> baz</a></p>' +
                                        '</div>'
                        },
                        {

-- 
To view, visit https://gerrit.wikimedia.org/r/394373
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I9b7e32bf110e9a1b96b057242121b59b4c9c9513
Gerrit-PatchSet: 7
Gerrit-Project: VisualEditor/VisualEditor
Gerrit-Branch: master
Gerrit-Owner: DLynch <dly...@wikimedia.org>
Gerrit-Reviewer: DLynch <dly...@wikimedia.org>
Gerrit-Reviewer: Esanders <esand...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to