authorZipeng WU <zipeng.wu@sonarsource.com>2022-12-15 11:24:01 +0100
committersonartech <sonartech@sonarsource.com>2022-12-19 20:02:46 +0000
commit867a7b57aac83b83dd1e99942f6342389affa89d (patch)
tree0b28c0cbca9e7cb5743ef55e24eac7cfc28dd419 /sonar-markdown/src
parent4bdd63589597f5b32f04f02a3a32fe3e6e2927d4 (diff)
SONAR-17579 add security Link attributes noopener and noreferrer
Diffstat (limited to 'sonar-markdown/src')
-rw-r--r--sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java2
-rw-r--r--sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java6
-rw-r--r--sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java4
3 files changed, 8 insertions, 4 deletions
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
index cccae47ce95..66e88e15c5f 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
@@ -49,7 +49,7 @@ class HtmlLinkChannel extends RegexChannel<MarkdownOutput> {
String url = matcher.group(2);
output.append("<a href=\"");
output.append(url);
- output.append("\" target=\"_blank\">");
+ output.append("\" target=\"_blank\" rel=\"noopener noreferrer\">");
output.append(content);
output.append("</a>");
}
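Review bot: `url` from `matcher.group(2)` is written into the `href` attribute as-is at `output.append(url);`, and nothing in this hunk shows it being HTML-escaped or limited to a scheme; the same holds for `token` in HtmlUrlChannel.consume. `rel="noopener noreferrer"` stops the new tab from getting a `window.opener` reference and suppresses the Referer header, but it does not constrain where the link points or what ends up inside the attribute. The method starts above the hunk and the input may already be escaped before the channels run, so this needs confirming rather than assuming. If it is not handled upstream, consider accepting only `http`, `https` and `mailto` targets here. A MarkdownTest case that pins the output for a link with a different scheme and for a URL containing `"` would document the expected behaviour.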
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
index 5aadee1a0fb..50424d4b0c3 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
@@ -33,6 +33,10 @@ class HtmlUrlChannel extends RegexChannel<MarkdownOutput> {
@Override
protected void consume(CharSequence token, MarkdownOutput output) {
- output.append("<a href=\"" + token + "\" target=\"_blank\">" + token + "</a>");
+ output.append("<a href=\"");
+ output.append(token);
+ output.append("\" target=\"_blank\" rel=\"noopener noreferrer\">");
+ output.append(token);
+ output.append("</a>");
}
}
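Review bot: The literal `"\" target=\"_blank\" rel=\"noopener noreferrer\">"` is now duplicated between `consume` here and HtmlLinkChannel, so a later edit to one channel can silently leave the other without the `rel` hardening. A single package-private constant shared by both channels would keep them in step, for example `static final String NEW_TAB_ATTRIBUTES = "\" target=\"_blank\" rel=\"noopener noreferrer\">";` (name is a suggestion). A short comment on it would record why the attribute is there: `// noopener: opened page gets no window.opener; noreferrer: no Referer header is sent`.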
diff --git a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
index d0c64578bb2..b4838a12d8d 100644
--- a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
+++ b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
@@ -28,13 +28,13 @@ public class MarkdownTest {
@Test
public void shouldDecorateUrl() {
assertThat(Markdown.convertToHtml("http://google.com"))
- .isEqualTo("<a href=\"http://google.com\" target=\"_blank\">http://google.com</a>");
+ .isEqualTo("<a href=\"http://google.com\" target=\"_blank\" rel=\"noopener noreferrer\">http://google.com</a>");
}
@Test
public void shouldDecorateDocumentedLink() {
assertThat(Markdown.convertToHtml("For more details, please [check online documentation](http://docs.sonarqube.org/display/SONAR)."))
- .isEqualTo("For more details, please <a href=\"http://docs.sonarqube.org/display/SONAR\" target=\"_blank\">check online documentation</a>.");
+ .isEqualTo("For more details, please <a href=\"http://docs.sonarqube.org/display/SONAR\" target=\"_blank\" rel=\"noopener noreferrer\">check online documentation</a>.");
}