go-shiori/shiori
1
1
Fork 0
mirror of https://github.com/go-shiori/shiori.git synced 2025-09-06 13:05:30 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: use noreferer to prevent exposing shiori instance url to archived websites (#802)

Browse source
This commit is contained in:
istiak101 2023-12-27 16:59:16 +06:00 committed by GitHub
parent 188ce68761
commit f01f2dbc0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
internal/view/assets/js/component/bookmark.js
View file

@ -4,7 +4,7 @@ var template = `
v-if="editMode"
@click="selectBookmark">
</a>
<a class="bookmark-link" :href="mainURL" target="_blank" rel="noopener">
<a class="bookmark-link" :href="mainURL" target="_blank" rel="noopener noreferrer">
<span class="thumbnail" v-if="thumbnailVisible" :style="thumbnailStyleURL"></span>
<p class="title" dir="auto">{{title}}
<i v-if="hasContent" class="fas fa-file-alt"></i>
@ -19,7 +19,7 @@ var template = `
</div>
<div class="spacer"></div>
<div class="bookmark-menu">
<a class="url" :href="url" target="_blank" rel="noopener">
<a class="url" :href="url" target="_blank" rel="noopener noreferrer">
{{hostnameURL}}
</a>
<template v-if="!editMode && menuVisible">

4
internal/view/content.html
View file

@ -26,7 +26,7 @@
<p id="metadata" v-cloak>Added {{localtime()}}</p>
<p id="title" dir="auto">$$.Book.Title$$</p>
<div id="links">
<a href="$$.Book.URL$$" target="_blank" rel="noopener">View Original</a>
<a href="$$.Book.URL$$" target="_blank" rel="noopener noreferrer">View Original</a>
$$if .Book.HasArchive$$
<a href="bookmark/$$.Book.ID$$/archive">View Archive</a>
$$end$$
@ -82,7 +82,7 @@
document.querySelectorAll("#content a").forEach(elem => {
elem.setAttribute("target", "_blank");
elem.setAttribute("rel", "noopener");
elem.setAttribute("rel", "noopener noreferrer");
});
}
});

2
internal/webserver/handler.go
View file

@ -75,7 +75,7 @@ func (h *Handler) PrepareTemplates() error {
`<div id="shiori-archive-header">
<p id="shiori-logo"><span></span>shiori</p>
<div class="spacer"></div>
<a href="$$.URL$$" target="_blank">View Original</a>
<a href="$$.URL$$" target="_blank" rel="noopener noreferrer">View Original</a>
$$if .HasContent$$
<a href="/bookmark/$$.ID$$/content">View Readable</a>
$$end$$