Fix the security of cross-origin destinations link.

This commit is contained in:
Cotes Chung 2020-10-27 04:11:21 +08:00
parent ad5b614304
commit 5741aa4e18
4 changed files with 6 additions and 5 deletions

View file

@ -1,2 +1,3 @@
name: Chirpy name: Chirpy
version: v2.5.1 version: v2.5.1
homepage: https://github.com/cotes2020/jekyll-theme-chirpy/

View file

@ -22,9 +22,9 @@
<div class="footer-right"> <div class="footer-right">
<p class="mb-0"> <p class="mb-0">
Powered by Powered by
<a href="https://jekyllrb.com" target="_blank">Jekyll</a> <a href="https://jekyllrb.com" target="_blank" rel="noopener">Jekyll</a>
with with
<a href="https://github.com/cotes2020/jekyll-theme-chirpy/">Chirpy</a> <a href="{{ site.data.meta.homepage }}" target="_blank" rel="noopener">{{ site.data.meta.name }}</a>
theme. theme.
</p> </p>
</div> </div>

View file

@ -16,7 +16,7 @@
{% for share in site.data.share.platforms %} {% for share in site.data.share.platforms %}
{% assign link = share.link | replace: 'TITLE', title | replace: 'URL', url %} {% assign link = share.link | replace: 'TITLE', title | replace: 'URL', url %}
<a href="{{ link }}" data-toggle="tooltip" data-placement="top" <a href="{{ link }}" data-toggle="tooltip" data-placement="top"
title="{{ share.type }}" target="_blank"> title="{{ share.type }}" target="_blank" rel="noopener">
<i class="fa-fw {{ share.icon }}"></i> <i class="fa-fw {{ share.icon }}"></i>
</a> </a>
{% endfor %} {% endfor %}

View file

@ -81,7 +81,7 @@
{% endcapture %} {% endcapture %}
{% if url != '' %} {% if url != '' %}
<a href="{{ url }}" {% unless entry.noblank %}target="_blank"{% endunless %}> <a href="{{ url }}" {% unless entry.noblank %}target="_blank" rel="noopener"{% endunless %}>
<i class="{{ entry.icon }}"></i> <i class="{{ entry.icon }}"></i>
</a> </a>
{% endif %} {% endif %}