go-gitea · techknowlogick · Jul 3, 2018 · Jun 27, 2018 · Jun 27, 2018 · Jun 27, 2018
diff --git a/models/repo.go b/models/repo.go
@@ -781,7 +781,7 @@ var (
 // DescriptionHTML does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHTML() template.HTML {
 	sanitize := func(s string) string {
-		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener">%[1]s</a>`, s)
+		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener noreferrer">%[1]s</a>`, s)
 	}
 	return template.HTML(descPattern.ReplaceAllStringFunc(markup.Sanitize(repo.Description), sanitize))
 }

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
@@ -75,7 +75,7 @@ cancel = Cancel
 [install]
 install = Installation
 title = Initial Configuration
-docker_helper = If you run Gitea inside Docker, please read the <a target="_blank" rel="noopener" href="%s">documentation</a> before changing any settings.
+docker_helper = If you run Gitea inside Docker, please read the <a target="_blank" rel="noopener noreferrer" href="%s">documentation</a> before changing any settings.
 requite_db_desc = Gitea requires MySQL, PostgreSQL, MSSQL, SQLite3 or TiDB.
 db_title = Database Settings
 db_type = Database Type
@@ -495,7 +495,7 @@ visibility = Visibility
 visiblity_helper = Make Repository Private
 visiblity_helper_forced = Your site administrator forces new repositories to be private.
 visiblity_fork_helper = (Changing this will affect all forks.)
-clone_helper = Need help cloning? Visit <a target="_blank" rel="noopener" href="%s">Help</a>.
+clone_helper = Need help cloning? Visit <a target="_blank" rel="noopener noreferrer" href="%s">Help</a>.
 fork_repo = Fork Repository
 fork_from = Fork From
 fork_visiblity_helper = The visibility of a forked repository cannot be changed.
@@ -613,7 +613,7 @@ editor.directory_is_a_file = Directory name '%s' is already used as a filename i
 editor.file_is_a_symlink = '%s' is a symbolic link. Symbolic links cannot be edited in the web editor
 editor.filename_is_a_directory = Filename '%s' is already used as a directory name in this repository.
 editor.file_editing_no_longer_exists = The file being edited, '%s', no longer exists in this repository.
-editor.file_changed_while_editing = The file contents have changed since you started editing. <a target="_blank" rel="noopener" href="%s">Click here</a> to see them or <strong>Commit Changes again</strong> to overwrite them.
+editor.file_changed_while_editing = The file contents have changed since you started editing. <a target="_blank" rel="noopener noreferrer" href="%s">Click here</a> to see them or <strong>Commit Changes again</strong> to overwrite them.
 editor.file_already_exists = A file named '%s' already exists in this repository.
 editor.no_changes_to_show = There are no changes to show.
 editor.fail_to_update_file = Failed to update/create file '%s' with error: %v
@@ -994,7 +994,7 @@ settings.search_user_placeholder = Search user…
 settings.org_not_allowed_to_be_collaborator = Organizations cannot be added as a collaborator.
 settings.user_is_org_member = The user is an organization member who cannot be added as a collaborator.
 settings.add_webhook = Add Webhook
-settings.hooks_desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
+settings.hooks_desc = Webhooks automatically make HTTP POST requests to a server when certain Gitea events trigger. Read more in the <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guide</a>.
 settings.webhook_deletion = Remove Webhook
 settings.webhook_deletion_desc = Removing a webhook deletes its settings and delivery history. Continue?
 settings.webhook_deletion_success = The webhook has been removed.
@@ -1011,7 +1011,7 @@ settings.githook_edit_desc = If the hook is inactive, sample content will be pre
 settings.githook_name = Hook Name
 settings.githook_content = Hook Content
 settings.update_githook = Update Hook
-settings.add_webhook_desc = Gitea will send <code>POST</code> requests with a specified content type to the target URL. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
+settings.add_webhook_desc = Gitea will send <code>POST</code> requests with a specified content type to the target URL. Read more in the <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guide</a>.
 settings.payload_url = Target URL
 settings.content_type = POST Content Type
 settings.secret = Secret

diff --git a/templates/base/footer.tmpl b/templates/base/footer.tmpl
@@ -17,7 +17,7 @@
 			</div>
 			<div class="ui right links">
 				{{if .ShowFooterBranding}}
-					<a target="_blank" rel="noopener" href="https://github.com/go-gitea/gitea"><i class="fa fa-github-square"></i><span class="sr-only">GitHub</span></a>
+					<a target="_blank" rel="noopener noreferrer" href="https://github.com/go-gitea/gitea"><i class="fa fa-github-square"></i><span class="sr-only">GitHub</span></a>
 				{{end}}
 				<div class="ui language bottom floating slide up dropdown link item">
 					<i class="world icon"></i>
@@ -30,7 +30,7 @@
 				</div>
 				<a href="{{AppSubUrl}}/vendor/librejs.html" data-jslicense="1">JavaScript licenses</a>
 				{{if .EnableSwaggerEndpoint}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
-				<a target="_blank" rel="noopener" href="https://gitea.io">{{.i18n.Tr "website"}}</a>
+				<a target="_blank" rel="noopener noreferrer" href="https://gitea.io">{{.i18n.Tr "website"}}</a>
 				{{if (or .ShowFooterVersion .PageIsAdmin)}}<span class="version">{{GoVer}}</span>{{end}}
 			</div>
 		</div>