Fix the security of cross-origin destinations link.

2020-10-27 04:11:21 +08:00 · 2020-10-27 04:11:21 +08:00 · 5741aa4e18
parent ad5b614304
commit 5741aa4e18
4 changed files with 6 additions and 5 deletions
--- a/_data/meta.yml
+++ b/_data/meta.yml
@ -1,2 +1,3 @@
 name: Chirpy
 version: v2.5.1
+homepage: https://github.com/cotes2020/jekyll-theme-chirpy/
--- a/_includes/footer.html
+++ b/_includes/footer.html
@ -22,9 +22,9 @@
    <div class="footer-right">
      <p class="mb-0">
        Powered by
-        <a href="https://jekyllrb.com" target="_blank">Jekyll</a>
+        <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>
        with
-        <a href="https://github.com/cotes2020/jekyll-theme-chirpy/">Chirpy</a>
+        <a href="{{ site.data.meta.homepage }}" target="_blank" rel="noopener">{{ site.data.meta.name }}</a>
        theme.
      </p>
    </div>
--- a/_includes/post-sharing.html
+++ b/_includes/post-sharing.html
@ -16,7 +16,7 @@
    {% for share in site.data.share.platforms %}
      {% assign link = share.link | replace: 'TITLE', title | replace: 'URL', url %}
        <a href="{{ link }}" data-toggle="tooltip" data-placement="top"
-          title="{{ share.type }}" target="_blank">
+          title="{{ share.type }}" target="_blank" rel="noopener">
          <i class="fa-fw {{ share.icon }}"></i>
        </a>
    {% endfor %}
@ -25,4 +25,4 @@
        data-toggle="tooltip" data-placement="top" title="Copy link"></i>

  </span>
-</div>
+</div>
--- a/_includes/sidebar.html
+++ b/_includes/sidebar.html
@ -81,7 +81,7 @@
    {% endcapture %}

    {% if url != '' %}
-    <a href="{{ url }}" {% unless entry.noblank %}target="_blank"{% endunless %}>
+    <a href="{{ url }}" {% unless entry.noblank %}target="_blank" rel="noopener"{% endunless %}>
      <i class="{{ entry.icon }}"></i>
    </a>
    {% endif %}