LP#1559239: use rel="noopener" when opening external URLs in a new tab

Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>

diff --git a/Open-ILS/src/templates/opac/parts/record/summary.tt2 b/Open-ILS/src/templates/opac/parts/record/summary.tt2
index 3bc0ef5..fb6f84a 100644 (file)
--- a/Open-ILS/src/templates/opac/parts/record/summary.tt2
+++ b/Open-ILS/src/templates/opac/parts/record/summary.tt2
@@ -191,7 +191,7 @@
         FOREACH res IN openurls;
 %]
         <tr>
-            <td class='rdetail_openurl_entry'><a href="[% res.target_url %]" target="_blank">[% res.public_name | html %]</a></td>
+            <td class='rdetail_openurl_entry'><a href="[% res.target_url %]" target="_blank" rel="noopener">[% res.public_name | html %]</a></td>
             <td>[% res.target_coverage | html %]
             [%- IF res.target_embargo != '';
                     ' - ';
@@ -218,7 +218,7 @@ IF num_uris > 0;
         [%- ELSE -%]
             <li class="rdetail_uri" property="offers" vocab="http://schema.org/" typeof="Offer">
         [%- END -%]
-        <a href="[% uri.href %]" class="uri_link" property="url" target="_blank">
+        <a href="[% uri.href %]" class="uri_link" property="url" target="_blank" rel="noopener">
         [%- IF uri.href != uri.link;
                 '<span property="description">' _ uri.link _ '</span>';
             ELSE;

diff --git a/Open-ILS/src/templates/opac/parts/result/table.tt2 b/Open-ILS/src/templates/opac/parts/result/table.tt2
index 21652c4..c06f440 100644 (file)
--- a/Open-ILS/src/templates/opac/parts/result/table.tt2
+++ b/Open-ILS/src/templates/opac/parts/result/table.tt2
@@ -348,7 +348,7 @@ END;
                                                                 <td valign='top'>
                                                                     <strong>[% l('Electronic resource') %]</strong>
                                                                 </td>
-                                                                <td><a href="[% uri.href %]" class="uri_link" target="_blank">[% uri.link | html %]</a>[% ' - ' _ uri.note | html IF uri.note %]</td>
+                                                                <td><a href="[% uri.href %]" class="uri_link" target="_blank" rel="noopener">[% uri.link | html %]</a>[% ' - ' _ uri.note | html IF uri.note %]</td>
                                                             </tr>
                                                             [% END %]
                                                          [% END %]
@@ -513,7 +513,7 @@ END;
                                                                [% html_text_attr('title', l('Reviews and More for [_1]', attrs.title)) %]
                                                                 href="[% ctx.ext_proto %]://contentcafe2.btol.com/ContentCafeClient/ContentCafe.aspx?UserID=[%- 
                                                                     ENV.OILS_CONTENT_CAFE_USER %]&amp;Password=[%-
-                                                                    ENV.OILS_CONTENT_CAFE_PASS %]&amp;ItemKey=[% ident | uri %]&amp;Options=Y" rel="nofollow" vocab="">
+                                                                    ENV.OILS_CONTENT_CAFE_PASS %]&amp;ItemKey=[% ident | uri %]&amp;Options=Y" rel="noopener nofollow" vocab="">
                                                                 <img src='[% ctx.media_prefix %]/images/starz.png[% ctx.cache_key %]' alt="[% l('Ratings Icon') %]"/>
                                                                 <span class="results_reviews">[% l('Reviews &amp; More') %]</span>
                                                             </a>