This repository was archived by the owner on Jan 22, 2019. It is now read-only.

Commit 2836554

author
Stephen Gutekanst
committed
fix: do not leak referrer when clicking Sourcegraph extension links
Prior to this change clicking a link provided by a Sourcegraph extension would leak referrer information. We apply the same `rel` attribute in Sourcegraph to prevent this:

https://sourcegraph.com/github.com/sourcegraph/sourcegraph@4ac84723437a325405bf073a99f45fae1be9ec43/-/blob/src/repo/blob/LineDecorationAttachment.tsx#L52:17

Now we also prevent it here in the browser extension.

Fixes sourcegraph/sourcegraph-extension-api#106
1 parent 3e13ce2 commit 2836554

1 file changed

+4
-1
lines changed

src/libs/code_intelligence/extensions.tsx

Lines changed: 4 additions & 1 deletion
@@ -179,7 +179,10 @@ export const applyDecoration = (
179179

180180
// External URLs should open in a new tab, whereas relative URLs
181181
// should not.
182-
link.setAttribute('target', /^https?:\/\//.test(url) ? '_blank' : undefined)
182+
link.setAttribute('target', /^https?:\/\//.test(url) ? '_blank' : '')
183+
184+
// Avoid leaking referrer URLs (which contain repository and path names, etc.) to external sites.
185+
link.setAttribute('rel', 'noreferrer noopener')
183186

184187
link.style.color = decoration.after!.color || null
185188
link.appendChild(e)
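
Review bot: The `target` line (new line 182) now writes an empty `target=""` attribute for relative URLs instead of leaving the attribute off; setting it only when the URL is external, for example `if (/^https?:\/\//.test(url)) { link.setAttribute('target', '_blank') }`, states the intent directly and does not depend on how an empty target is handled. The switch from `undefined` to `''` is also a separate fix from the referrer change and is not mentioned in the commit message, so it deserves a line there. Setting `rel` unconditionally on new line 185 is the right placement: the `/^https?:\/\//` test is case-sensitive and does not match protocol-relative URLs (`//host/...`), so tying `rel` to that test would leave some external links uncovered. A short addition to the comment saying the unconditional placement is deliberate would keep a later refactor from moving it inside the external-URL check.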
