fix: add rel option to external links in content (#1853)

* #1853: XSS attack fix by adding rel noferrer or rel noopen to _blank target external links * fix: relAttributeExternalLink noopener Co-authored-by: danallendds <daniel.allen@friends.dds.mil> Co-authored-by: Nicolas Giard <github@ngpixel.com>
2020-05-07 16:45:11 -04:00
parent 6624df2c63
commit 4aa7828a92
3 changed files with 11 additions and 1 deletions
--- a/server/modules/rendering/html-core/renderer.js
+++ b/server/modules/rendering/html-core/renderer.js
@@ -115,6 +115,7 @@ module.exports = {
        $(elm).addClass(`is-external-link`)
        if (this.config.openExternalLinkNewTab) {
          $(elm).attr('target', '_blank')
+          $(elm).attr('rel', this.config.relAttributeExternalLink)
        }
      }