Add noreferrer to rel='noopener` for <a> tags

models/repo.go

@@ -781,7 +781,7 @@ var (
 // DescriptionHTML does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHTML() template.HTML {
 	sanitize := func(s string) string {
-		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener">%[1]s</a>`, s)
+		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener noreferrer">%[1]s</a>`, s)
 	}
 	return template.HTML(descPattern.ReplaceAllStringFunc(markup.Sanitize(repo.Description), sanitize))
 }

templates/base/footer.tmpl

@@ -17,7 +17,7 @@
 			</div>
 			<div class="ui right links">
 				{{if .ShowFooterBranding}}
-					<a target="_blank" rel="noopener" href="https://github.com/go-gitea/gitea"><i class="fa fa-github-square"></i><span class="sr-only">GitHub</span></a>
+					<a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea"><i class="fa fa-github-square"></i><span class="sr-only">GitHub</span></a>
 				{{end}}
 				<div class="ui language bottom floating slide up dropdown link item">
 					<i class="world icon"></i>
@@ -30,7 +30,7 @@
 				</div>
 				<a href="{{AppSubUrl}}/vendor/librejs.html" data-jslicense="1">JavaScript licenses</a>
 				{{if .EnableSwaggerEndpoint}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
-				<a target="_blank" rel="noopener" href="https://gitea.io">{{.i18n.Tr "website"}}</a>
+				<a target="_blank" rel="noopener noreferrer" href="https://gitea.io">{{.i18n.Tr "website"}}</a>
 				{{if (or .ShowFooterVersion .PageIsAdmin)}}<span class="version">{{GoVer}}</span>{{end}}
 			</div>
 		</div>

templates/mail/auth/activate.tmpl

@@ -10,6 +10,6 @@
 	<p>Please click the following link to activate your account within <b>{{.ActiveCodeLives}}</b>:</p>
 	<p><a href="{{AppUrl}}user/activate?code={{.Code}}">{{AppUrl}}user/activate?code={{.Code}}</a></p>
 	<p>Not working? Try copying and pasting it to your browser.</p>
-	<p>© <a target="_blank" rel="noopener" href="{{AppUrl}}">{{AppName}}</a></p>
+	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
 </html>

templates/mail/auth/activate_email.tmpl

@@ -10,6 +10,6 @@
 	<p>Please click the following link to verify your email address within <b>{{.ActiveCodeLives}}</b>:</p>
 	<p><a href="{{AppUrl}}user/activate_email?code={{.Code}}&email={{.Email}}">{{AppUrl}}user/activate_email?code={{.Code}}&email={{.Email}}</a></p>
 	<p>Not working? Try copying and pasting it to your browser.</p>
-	<p>© <a target="_blank" rel="noopener" href="{{AppUrl}}">{{AppName}}</a></p>
+	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
 </html>

templates/mail/auth/register_notify.tmpl

@@ -10,6 +10,6 @@
 	<p>You can now login via username: {{.Username}}.</p>
 	<p><a href="{{AppUrl}}user/login">{{AppUrl}}user/login</a></p>
 	<p>If this account has been created for you, please <a href="{{AppUrl}}user/forgot_password">reset your password</a> first.</p>
-	<p>© <a target="_blank" rel="noopener" href="{{AppUrl}}">{{AppName}}</a></p>
+	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
 </html>

templates/mail/auth/reset_passwd.tmpl

@@ -10,6 +10,6 @@
 	<p>Please click the following link to reset your password within <b>{{.ResetPwdCodeLives}}</b>:</p>
 	<p><a href="{{AppUrl}}user/reset_password?code={{.Code}}">{{AppUrl}}user/reset_password?code={{.Code}}</a></p>
 	<p>Not working? Try copying and pasting it to your browser.</p>
-	<p>© <a target="_blank" rel="noopener" href="{{AppUrl}}">{{AppName}}</a></p>
+	<p>© <a target="_blank" rel="noopener noreferrer" href="{{AppUrl}}">{{AppName}}</a></p>
 </body>
 </html>

templates/org/home.tmpl

@@ -12,7 +12,7 @@
 			{{if .Org.Description}}<p class="desc">{{.Org.Description}}</p>{{end}}
 			<div class="text grey meta">
 				{{if .Org.Location}}<div class="item"><span class="octicon octicon-location"></span> <span>{{.Org.Location}}</span></div>{{end}}
-				{{if .Org.Website}}<div class="item"><span class="octicon octicon-link"></span> <a target="_blank" rel="noopener" href="{{.Org.Website}}">{{.Org.Website}}</a></div>{{end}}
+				{{if .Org.Website}}<div class="item"><span class="octicon octicon-link"></span> <a target="_blank" rel="noopener noreferrer" href="{{.Org.Website}}">{{.Org.Website}}</a></div>{{end}}
 			</div>
 		</div>
 	</div>

templates/repo/commit_status.tmpl

@@ -1,15 +1,15 @@
 {{if eq .State "pending"}}
-	<a href="{{.TargetURL}}" target=_blank><i class="commit-status circle icon yellow"></i></a>
+	<a href="{{.TargetURL}}" target="_blank" rel="noopener noreferrer"><i class="commit-status circle icon yellow"></i></a>
 {{end}}
 {{if eq .State "success"}}
-	<a href="{{.TargetURL}}" target=_blank><i class="commit-status check icon green"></i></a>
+	<a href="{{.TargetURL}}" target="_blank" rel="noopener noreferrer"><i class="commit-status check icon green"></i></a>
 {{end}}
 {{if eq .State "error"}}
-	<a href="{{.TargetURL}}" target=_blank><i class="commit-status warning icon red"></i></a>
+	<a href="{{.TargetURL}}" target="_blank" rel="noopener noreferrer"><i class="commit-status warning icon red"></i></a>
 {{end}}
 {{if eq .State "failure"}}
-	<a href="{{.TargetURL}}" target=_blank><i class="commit-status remove icon red"></i></a>
+	<a href="{{.TargetURL}}" target="_blank" rel="noopener noreferrer"><i class="commit-status remove icon red"></i></a>
 {{end}}
 {{if eq .State "warning"}}
-	<a href="{{.TargetURL}}" target=_blank><i class="commit-status warning sign icon yellow"></i></a>
-{{end}}
+	<a href="{{.TargetURL}}" target="_blank" rel="noopener noreferrer"><i class="commit-status warning sign icon yellow"></i></a>
+{{end}}

templates/repo/header.tmpl

@@ -8,7 +8,7 @@
 					<a href="{{AppSubUrl}}/{{.Owner.Name}}">{{.Owner.Name}}</a>
 					<div class="divider"> / </div>
 					<a href="{{$.RepoLink}}">{{.Name}}</a>
-					{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener" href="{{$.Mirror.Address}}">{{$.Mirror.Address}}</a></div>{{end}}
+					{{if .IsMirror}}<div class="fork-flag">{{$.i18n.Tr "repo.mirror_from"}} <a target="_blank" rel="noopener noreferrer" href="{{$.Mirror.Address}}">{{$.Mirror.Address}}</a></div>{{end}}
 					{{if .IsFork}}<div class="fork-flag">{{$.i18n.Tr "repo.forked_from"}} <a href="{{.BaseRepo.Link}}">{{SubStr .BaseRepo.RelLink 1 -1}}</a></div>{{end}}
 				</div>
 			</div>
@@ -60,7 +60,7 @@
 			{{end}}
 
 			{{if .Repository.UnitEnabled $.UnitTypeExternalTracker}}
-				<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoLink}}/issues" target="_blank">
+				<a class="{{if .PageIsIssueList}}active{{end}} item" href="{{.RepoLink}}/issues" target="_blank" rel="noopener noreferrer">
 					<i class="octicon octicon-issue-opened"></i> {{.i18n.Tr "repo.issues"}} </span>
 				</a>
 			{{end}}
@@ -78,7 +78,7 @@
 			{{end}}
 
 			{{if or (.Repository.UnitEnabled $.UnitTypeWiki) (.Repository.UnitEnabled $.UnitTypeExternalWiki)}}
-				<a class="{{if .PageIsWiki}}active{{end}} item" href="{{.RepoLink}}/wiki" {{if (.Repository.UnitEnabled $.UnitTypeExternalWiki)}} target="_blank" {{end}}>
+				<a class="{{if .PageIsWiki}}active{{end}} item" href="{{.RepoLink}}/wiki" {{if (.Repository.UnitEnabled $.UnitTypeExternalWiki)}} target="_blank" rel="noopener noreferrer" {{end}}>
 					<i class="octicon octicon-book"></i> {{.i18n.Tr "repo.wiki"}}
 				</a>
 			{{end}}

templates/repo/issue/labels.tmpl

@@ -63,7 +63,7 @@
 						<div class="ui attached left aligned segment">
 							<!-- <h4 class="ui header">
 								{{.i18n.Tr "repo.issues.label_templates.title"}}
-								<a target="_blank" rel="noopener"
+								<a target="_blank" rel="noopener noreferrer"
 								   href="https://discuss.gogs.io/t/how-to-use-predefined-label-templates/599">
 									<span class="octicon octicon-question"></span>
 								</a>

templates/repo/issue/view_content.tmpl

@@ -48,7 +48,7 @@
 						<div class="ui bottom attached segment">
 							<div class="ui small images">
 								{{range .Issue.Attachments}}
-									<a target="_blank" rel="noopener" href="{{AppSubUrl}}/attachments/{{.UUID}}">
+									<a target="_blank" rel="noopener noreferrer" href="{{AppSubUrl}}/attachments/{{.UUID}}">
 										{{if FilenameIsImage .Name}}
 											<img class="ui image" src="{{AppSubUrl}}/attachments/{{.UUID}}" title='{{$.i18n.Tr "repo.issues.attachment.open_tab" .Name}}'>
 										{{else}}

templates/repo/issue/view_content/comments.tmpl

@@ -52,7 +52,7 @@
 					<div class="ui bottom attached segment">
 						<div class="ui small images">
 							{{range .Attachments}}
-								<a target="_blank" rel="noopener" href="{{AppSubUrl}}/attachments/{{.UUID}}">
+								<a target="_blank" rel="noopener noreferrer" href="{{AppSubUrl}}/attachments/{{.UUID}}">
 									{{if FilenameIsImage .Name}}
 										<img class="ui image" src="{{AppSubUrl}}/attachments/{{.UUID}}" title='{{$.i18n.Tr "repo.issues.attachment.open_tab" .Name}}'>
 									{{else}}

templates/repo/release/list.tmpl

@@ -77,7 +77,7 @@
 									{{if .Attachments}}
 									{{range .Attachments}}
 									<li>
-										<a target="_blank" rel="noopener" href="{{AppSubUrl}}/attachments/{{.UUID}}">
+										<a target="_blank" rel="noopener noreferrer" href="{{AppSubUrl}}/attachments/{{.UUID}}">
 											<strong><span class="ui image octicon octicon-package" title='{{.Name}}'></span> {{.Name}}</strong>
 											<span class="ui text grey right">{{.Size | FileSize}}</span>
 										</a>

templates/repo/user_cards.tmpl

@@ -12,7 +12,7 @@
 
 				<div class="meta">
 					{{if .Website}}
-						<span class="octicon octicon-link"></span> <a href="{{.Website}}" target="_blank" rel="noopener">{{.Website}}</a>
+						<span class="octicon octicon-link"></span> <a href="{{.Website}}" target="_blank" rel="noopener noreferrer">{{.Website}}</a>
 					{{else if .Location}}
 						<span class="octicon octicon-location"></span> {{.Location}}
 					{{else}}

templates/user/profile.tmpl

@@ -31,14 +31,14 @@
 							{{if .Owner.Website}}
 								<li>
 									<i class="octicon octicon-link"></i>
-									<a target="_blank" rel="noopener" href="{{.Owner.Website}}">{{.Owner.Website}}</a>
+									<a target="_blank" rel="noopener noreferrer" href="{{.Owner.Website}}">{{.Owner.Website}}</a>
 								</li>
 							{{end}}
 							{{range .OpenIDs}}
 								{{if .Show}}
 									<li>
 										<i class="fa fa-openid"></i>
-										<a target="_blank" rel="noopener" href="{{.URI}}">{{.URI}}</a>
+										<a target="_blank" rel="noopener noreferrer" href="{{.URI}}">{{.URI}}</a>
 									</li>
 								{{end}}
 							{{end}}