Add noreferrer to rel='noopener` for <a> tags (#4328)

2025-07-13 14:07:20 +00:00 · 2018-07-04 02:52:36 +03:00
parent 4b654ad17f
commit 51ba3df5ff
17 changed files with 59 additions and 59 deletions
--- a/models/repo.go
+++ b/models/repo.go
@ -781,7 +781,7 @@ var (
 // DescriptionHTML does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHTML() template.HTML {
 	sanitize := func(s string) string {
-		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener">%[1]s</a>`, s)
+		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener noreferrer">%[1]s</a>`, s)
 	}
 	return template.HTML(descPattern.ReplaceAllStringFunc(markup.Sanitize(repo.Description), sanitize))
 }