From d13fdbb25fb02585affb8546eabfc04ca5883a04 Mon Sep 17 00:00:00 2001
From: Adam Leskis <leskis@gmail.com>
Date: Tue, 25 Aug 2020 10:08:18 +0100
Subject: [PATCH] add rel attribute to prevent clickjacking

`noopener` and `noreferrer` both address clickjacking vulnerabilities on `target="_blank"`, though `noopener` isn't supported in some legacy browsers, while `noreferrer` is supported, and is ignored by more recent browsers. So adding both is currently the easiest way to support everything.
---
 layouts/partials/footer.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/layouts/partials/footer.html b/layouts/partials/footer.html
index dfb1f64d7c..fba6c48ebb 100644
--- a/layouts/partials/footer.html
+++ b/layouts/partials/footer.html
@@ -30,7 +30,7 @@
 <ul class="list-inline mb-0">
   {{ range . }}
   <li class="list-inline-item mx-2 h3" data-toggle="tooltip" data-placement="top" title="{{ .name }}" aria-label="{{ .name }}">
-    <a class="text-white" target="_blank" href="{{ .url }}">
+    <a class="text-white" target="_blank" rel="noopener noreferrer" href="{{ .url }}">
       <i class="{{ .icon }}"></i>
     </a>
   </li>