Mercurial > p > roundup > code
view share/roundup/templates/devel/html/query.js @ 5684:97e2125e064c
When we generate links from URL's in messages, we add rel="nofollow"
to combat link spam. This change turns that into rel="nofollow
noopener". This prevents the page at the end of the link from having
access to the roundup window that displays the link.
Details on the issue are are at:
https://mathiasbynens.github.io/rel-noopener/
search web for noopener vulnerability. This problem usually requires a
target="_blank" to really exploit it and we don't provide that. But
adding noopener is extra protection.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 30 Mar 2019 21:15:33 -0400 |
| parents | 04264349c483 |
| children |
line wrap: on
line source
var action; function display(data) { var list = $("div.list"); list.empty(); list.append(data); } // Run a query with a specific starting point and size function query_start(start, size) { var inputs = $(":input"); var data = {} if (start > 0) data['@startwith'] = start if (size > -1) data['@pagesize'] = size for (var i = 0; i < inputs.length; i++) data[inputs[i].name] = inputs[i].value; jQuery.get(action, data, display); return false; } // Run a query, starting at the first element function query() { return query_start(0, -1) } // Deactivate the form's submit action, and instead // invoke the action as part of (inline) query. function replace_submit() { var form = $("form"); action = form.attr("action"); form.attr("action",""); // reset form.submit(query); } $(document).ready(replace_submit);