Skip to content

Commit 5902704

Browse files
a-z-ivanovilhan007
a-z-ivanov
authored and
ilhan007
committed
fix(ui5-link): noreferrer for cross-origin links (#202)
1 parent dbb98c8 commit 5902704

File tree

3 files changed

+32
-3
lines changed

3 files changed

+32
-3
lines changed

packages/main/src/Link.hbs

+1
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
role="link"
44
href="{{ctr.href}}"
55
target="{{ctr.target}}"
6+
rel="{{ctr._rel}}"
67
tabindex="{{tabIndex}}"
78
?disabled="{{ctr.disabled}}"
89
aria-disabled="{{ariaDisabled}}">

packages/main/src/Link.js

+28
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,10 @@ const metadata = {
9292
wrap: {
9393
type: Boolean,
9494
},
95+
96+
_rel: {
97+
type: String,
98+
},
9599
},
96100
events: /** @lends sap.ui.webcomponents.main.Link.prototype */ {
97101

@@ -149,6 +153,11 @@ const metadata = {
149153
* @public
150154
*/
151155
class Link extends WebComponent {
156+
constructor() {
157+
super();
158+
this._dummyAnchor = document.createElement("a");
159+
}
160+
152161
static get metadata() {
153162
return metadata;
154163
}
@@ -157,6 +166,15 @@ class Link extends WebComponent {
157166
return LinkRederer;
158167
}
159168

169+
170+
onBeforeRendering() {
171+
const needsNoReferrer = this.target === "_blank"
172+
&& this.href
173+
&& this._isCrossOrigin();
174+
175+
this._rel = needsNoReferrer ? "noreferrer" : undefined;
176+
}
177+
160178
onclick(event) {
161179
if (this.disabled) {
162180
return;
@@ -198,6 +216,16 @@ class Link extends WebComponent {
198216
}
199217
}
200218

219+
_isCrossOrigin() {
220+
const loc = window.location;
221+
222+
this._dummyAnchor.href = this.href;
223+
224+
return !(this._dummyAnchor.hostname === loc.hostname
225+
&& this._dummyAnchor.port === loc.port
226+
&& this._dummyAnchor.protocol === loc.protocol);
227+
}
228+
201229
static get calculateTemplateContext() {
202230
return LinkTemplateContext.calculate;
203231
}

packages/main/test/sap/ui/webcomponents/main/pages/Link.html

+3-3
Original file line numberDiff line numberDiff line change
@@ -35,13 +35,13 @@
3535

3636
<body>
3737
<section class="group">
38-
<h2>link</h2>
39-
<ui5-link href="#" id="link">link</ui5-link><span>native span</span>
38+
<h2>cross-origin</h2>
39+
<ui5-link href="https://www.google.com" target="_blank" id="link">link</ui5-link><span>native span</span>
4040
</section>
4141

4242
<section class="group">
4343
<h2>Disabled link</h2>
44-
<ui5-link id="disabled-link" disabled>Disabled link</ui5-link>
44+
<ui5-link href="/a.html" id="disabled-link" disabled>Disabled link</ui5-link>
4545
</section>
4646

4747
<section class="group">

0 commit comments

Comments
 (0)