Skip to content

Commit

Permalink
fix: Improve External Link Security - Meeds-io/MIPs#159
Browse files Browse the repository at this point in the history
Prior to this change, the target external link of sidebar items was all time 'NEW TAB Strategy' and without a 'rel' attribute. This change will fix the behavior of 'External Link Target' in addition to the Security fix of missing 'rel' attribute.
  • Loading branch information
boubaker committed Dec 9, 2024
1 parent 2b42af0 commit cec2456
Show file tree
Hide file tree
Showing 7 changed files with 26 additions and 1 deletion.
5 changes: 5 additions & 0 deletions webapp/src/main/webapp/vue-apps/common/js/NavigationUtils.js
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,8 @@ export function getNavigationNodeTarget(navigation) {
navigation.nodeTarget = navigation?.target === 'SAME_TAB' && '_self' || '_blank';
return navigation.nodeTarget;
}

export function getNavigationNodeRel(navigation) {
navigation.nodeRel = navigation?.target === 'NEW_TAB' && 'nofollow noreferrer noopener' || null;
return navigation.nodeRel;
}
Original file line number Diff line number Diff line change
Expand Up @@ -270,7 +270,10 @@ export default {
const attributes = {};
if (this.isUrl) {
attributes.href = this.url;
attributes.target = this.item.target;
attributes.target = this.target;
if (attributes.target === '_blank') {
attributes.rel = 'nofollow noreferrer noopener';
}
}
return attributes;
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
<a
:href="uri"
:target="target"
:rel="rel"
:ripple="false"
class="d-flex px-0"
@mouseover="showAction = true"
Expand Down Expand Up @@ -108,6 +109,9 @@ export default {
target() {
return this.navigation?.target === 'SAME_TAB' && '_self' || '_blank';
},
rel() {
return this.target === '_blank' && 'nofollow noreferrer noopener' || null;
},
icon() {
return this.navigation?.icon || 'fas fa-folder';
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
v-if="hasPage || hasChildren && childrenHasPage"
:href="navigationNodeUri"
:target="navigationNodeTarget"
:rel="navigationNodeRel"
:link="hasPage"
:aria-label="navigation.label"
:class="`mx-auto text-break ${notClickable}`"
Expand Down Expand Up @@ -111,6 +112,9 @@ export default {
navigationNodeTarget() {
return this.$navigationUtils.getNavigationNodeTarget(this.navigation);
},
navigationNodeRel() {
return this.$navigationUtils.getNavigationNodeRel(this.navigation);
},
childrenHasPage() {
return this.checkChildrenHasPage(this.navigation);
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
v-if="hasPage || hasChildren && childrenHasPage"
:href="navigationNodeUri"
:target="navigationNodeTarget"
:rel="navigationNodeRel"
:link="!!hasPage"
class="pt-0 pb-0"
@click="checkLink">
Expand Down Expand Up @@ -123,6 +124,9 @@ export default {
navigationNodeTarget() {
return this.$navigationUtils.getNavigationNodeTarget(this.navigation);
},
navigationNodeRel() {
return this.$navigationUtils.getNavigationNodeRel(this.navigation);
},
isSelected() {
return this.navigationNodeUri === this.selectedPath;
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
v-bind="attrs"
:href="navigationNodeUri"
:target="navigationNodeTarget"
:rel="navigationNodeRel"
:disabled="!hasPage && !hasChildren"
:link="hasPage"
:aria-label="navigation.label"
Expand Down Expand Up @@ -100,6 +101,9 @@ export default {
navigationNodeTarget() {
return this.$navigationUtils.getNavigationNodeTarget(this.navigation);
},
navigationNodeRel() {
return this.$navigationUtils.getNavigationNodeRel(this.navigation);
},
},
methods: {
updateNavigationState(value) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@
:key="nav.id"
:href="nav.nodeUri || $navigationUtils.getNavigationNodeUri(baseSiteUri, nav)"
:target="nav.nodeTarget || $navigationUtils.getNavigationNodeTarget(nav)"
:rel="nav.nodeRel || $navigationUtils.getNavigationNodeRel(nav)"
:link="!!nav.pageKey"
@click="checkLink(nav, $event)">
<v-list-item-content>
Expand Down

0 comments on commit cec2456

Please sign in to comment.