author | Zipeng WU <zipeng.wu@sonarsource.com> | 2022-12-15 11:24:01 +0100 |
---|---|---|
committer | sonartech <sonartech@sonarsource.com> | 2022-12-19 20:02:46 +0000 |
commit | 867a7b57aac83b83dd1e99942f6342389affa89d (patch) | |
tree | 0b28c0cbca9e7cb5743ef55e24eac7cfc28dd419 /sonar-markdown | |
parent | 4bdd63589597f5b32f04f02a3a32fe3e6e2927d4 (diff) | |
SONAR-17579 add security Link attributes noopener and noreferrer
Diffstat (limited to 'sonar-markdown')
3 files changed, 8 insertions, 4 deletions
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
index cccae47ce95..66e88e15c5f 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlLinkChannel.java
@@ -49,7 +49,7 @@ class HtmlLinkChannel extends RegexChannel<MarkdownOutput> {
 String url = matcher.group(2);
 output.append("<a href=\"");
 output.append(url);
- output.append("\" target=\"_blank\">");
+ output.append("\" target=\"_blank\" rel=\"noopener noreferrer\">");
 output.append(content);
 output.append("</a>");
 }
diff --git a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
index 5aadee1a0fb..50424d4b0c3 100644
--- a/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
+++ b/sonar-markdown/src/main/java/org/sonar/markdown/HtmlUrlChannel.java
@@ -33,6 +33,10 @@ class HtmlUrlChannel extends RegexChannel<MarkdownOutput> {
 @Override
 protected void consume(CharSequence token, MarkdownOutput output) {
- output.append("<a href=\"" + token + "\" target=\"_blank\">" + token + "</a>");
+ output.append("<a href=\"");
+ output.append(token);
+ output.append("\" target=\"_blank\" rel=\"noopener noreferrer\">");
+ output.append(token);
+ output.append("</a>");
 }
 }
diff --git a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
index d0c64578bb2..b4838a12d8d 100644
--- a/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
+++ b/sonar-markdown/src/test/java/org/sonar/markdown/MarkdownTest.java
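Review bot: `url` in the HtmlLinkChannel hunk and `token` in the HtmlUrlChannel hunk are still appended into the `href` attribute as-is, and neither hunk shows them being attribute-escaped or limited to an expected scheme. The added `rel="noopener noreferrer"` covers the `window.opener` and Referer exposure of `target="_blank"`, but it does not constrain the link target itself. If escaping is done earlier in the conversion (not visible here), a comment above the append such as `// url is HTML-escaped before it reaches this channel` would record that precondition; if it is not, the value should be checked before it is written. The attribute literal is now repeated in both channels, so a shared constant like `static final String EXTERNAL_LINK_ATTRS = "\" target=\"_blank\" rel=\"noopener noreferrer\">";` would keep the two from drifting. Both method bodies begin outside their hunks.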
@@ -28,13 +28,13 @@ public class MarkdownTest {
 @Test
 public void shouldDecorateUrl() {
 assertThat(Markdown.convertToHtml("http://google.com"))
- .isEqualTo("<a href=\"http://google.com\" target=\"_blank\">http://google.com</a>");
+ .isEqualTo("<a href=\"http://google.com\" target=\"_blank\" rel=\"noopener noreferrer\">http://google.com</a>");
 }
 @Test
 public void shouldDecorateDocumentedLink() {
 assertThat(Markdown.convertToHtml("For more details, please [check online documentation](http://docs.sonarqube.org/display/SONAR)."))
- .isEqualTo("For more details, please <a href=\"http://docs.sonarqube.org/display/SONAR\" target=\"_blank\">check online documentation</a>.");
+ .isEqualTo("For more details, please <a href=\"http://docs.sonarqube.org/display/SONAR\" target=\"_blank\" rel=\"noopener noreferrer\">check online documentation</a>.");
 } |
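Review bot: Both updated expectations in `shouldDecorateUrl` and `shouldDecorateDocumentedLink` use well-formed http URLs, so they pin the new `rel` value but say nothing about how the generated `href` is encoded for unusual input. Two more cases would make that behaviour explicit and guard it against regressions: one where the link URL contains a double quote or angle bracket, and one where a documented link uses a scheme other than http(s), each asserting the exact HTML the converter is meant to produce. A name such as `shouldEscapeSpecialCharactersInLinkUrl()` would fit the existing test naming. The test class continues outside the hunk.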