HTML: Add rel="noreferrer noopener" to external links (#4667)

Note: Does not add rel="noreferrer noopener" to: * links in channel description * links in video descriptions * links in video comments Related to issue 4267
author: Samantaz Fox <coding@samantaz.fr> 2024-08-11 13:35:57 +0200
committer: Samantaz Fox <coding@samantaz.fr> 2024-08-11 13:35:57 +0200
commit: 80ffc442f2aad08f00f9e83ce34c60311ba35b33 (patch)
tree: 57d9302c1d572a4e97bbd2de54d0d7f0470228eb /src
parent: 9bf754ed4ff90069367ed333a22db7d0c9e22a74 (diff)
parent: c4fec89a9bac0228f6fac6ab2e8547132b57cc98 (diff)
download: invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.tar.gz
invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.tar.bz2
invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.zip
5 files changed, 7 insertions, 7 deletions
diff --git a/src/invidious/frontend/comments_youtube.cr b/src/invidious/frontend/comments_youtube.cr
index aecac87f..a0e1d783 100644
--- a/src/invidious/frontend/comments_youtube.cr
+++ b/src/invidious/frontend/comments_youtube.cr
@@ -149,12 +149,12 @@ module Invidious::Frontend::Comments
 
         if comments["videoId"]?
           html << <<-END_HTML
-            <a href="https://www.youtube.com/watch?v=#{comments["videoId"]}&lc=#{child["commentId"]}" title="#{translate(locale, "YouTube comment permalink")}">[YT]</a>
+            <a rel="noreferrer noopener" href="https://www.youtube.com/watch?v=#{comments["videoId"]}&lc=#{child["commentId"]}" title="#{translate(locale, "YouTube comment permalink")}">[YT]</a>
             |
           END_HTML
         elsif comments["authorId"]?
           html << <<-END_HTML
-            <a href="https://www.youtube.com/channel/#{comments["authorId"]}/community?lb=#{child["commentId"]}" title="#{translate(locale, "YouTube comment permalink")}">[YT]</a>
+            <a rel="noreferrer noopener" href="https://www.youtube.com/channel/#{comments["authorId"]}/community?lb=#{child["commentId"]}" title="#{translate(locale, "YouTube comment permalink")}">[YT]</a>
             |
           END_HTML
         end
diff --git a/src/invidious/helpers/errors.cr b/src/invidious/helpers/errors.cr
index 21b789bc..b2df682d 100644
--- a/src/invidious/helpers/errors.cr
+++ b/src/invidious/helpers/errors.cr
@@ -190,7 +190,7 @@ def error_redirect_helper(env : HTTP::Server::Context)
           <a href="/redirect?referer=#{env.get("current_page")}">#{switch_instance}</a>
         </li>
         <li>
-          <a href="https://youtube.com#{env.request.resource}">#{go_to_youtube}</a>
+          <a rel="noreferrer noopener" href="https://youtube.com#{env.request.resource}">#{go_to_youtube}</a>
         </li>
       </ul>
     END_HTML
diff --git a/src/invidious/views/components/video-context-buttons.ecr b/src/invidious/views/components/video-context-buttons.ecr
index 385ed6b3..22458a03 100644
--- a/src/invidious/views/components/video-context-buttons.ecr
+++ b/src/invidious/views/components/video-context-buttons.ecr
@@ -1,6 +1,6 @@
 <div class="flex-right flexible">
     <div class="icon-buttons">
-        <a title="<%=translate(locale, "videoinfo_watch_on_youTube")%>" href="https://www.youtube.com/watch<%=endpoint_params%>">
+        <a title="<%=translate(locale, "videoinfo_watch_on_youTube")%>" rel="noreferrer noopener" href="https://www.youtube.com/watch<%=endpoint_params%>">
             <i class="icon ion-logo-youtube"></i>
         </a>
         <a title="<%=translate(locale, "Audio mode")%>" href="/watch<%=endpoint_params%>&listen=1">
diff --git a/src/invidious/views/playlist.ecr b/src/invidious/views/playlist.ecr
index 24ba437d..c27ddba6 100644
--- a/src/invidious/views/playlist.ecr
+++ b/src/invidious/views/playlist.ecr
@@ -83,7 +83,7 @@
 
         <% if !playlist.is_a? InvidiousPlaylist %>
             <div class="pure-u-2-3">
-                    <a href="https://www.youtube.com/playlist?list=<%= playlist.id %>">
+                    <a rel="noreferrer noopener" href="https://www.youtube.com/playlist?list=<%= playlist.id %>">
                         <%= translate(locale, "View playlist on YouTube") %>
                     </a>
                     <span> | </span>
diff --git a/src/invidious/views/watch.ecr b/src/invidious/views/watch.ecr
index 9e7467dd..36679bce 100644
--- a/src/invidious/views/watch.ecr
+++ b/src/invidious/views/watch.ecr
@@ -123,8 +123,8 @@ we're going to need to do it here in order to allow for translations.
                         link_yt_embed = IV::HttpServer::Utils.add_params_to_url(link_yt_embed, link_yt_param)
                     end
                 -%>
-                <a id="link-yt-watch" data-base-url="<%= link_yt_watch %>" href="<%= link_yt_watch %>"><%= translate(locale, "videoinfo_watch_on_youTube") %></a>
-                (<a id="link-yt-embed" data-base-url="<%= link_yt_embed %>" href="<%= link_yt_embed %>"><%= translate(locale, "videoinfo_youTube_embed_link") %></a>)
+                <a id="link-yt-watch" rel="noreferrer noopener" data-base-url="<%= link_yt_watch %>" href="<%= link_yt_watch %>"><%= translate(locale, "videoinfo_watch_on_youTube") %></a>
+                (<a id="link-yt-embed" rel="noreferrer noopener" data-base-url="<%= link_yt_embed %>" href="<%= link_yt_embed %>"><%= translate(locale, "videoinfo_youTube_embed_link") %></a>)
             </span>
 
             <p id="watch-on-another-invidious-instance">
author	Samantaz Fox <coding@samantaz.fr>	2024-08-11 13:35:57 +0200
committer	Samantaz Fox <coding@samantaz.fr>	2024-08-11 13:35:57 +0200
commit	80ffc442f2aad08f00f9e83ce34c60311ba35b33 (patch)
tree	57d9302c1d572a4e97bbd2de54d0d7f0470228eb /src
parent	9bf754ed4ff90069367ed333a22db7d0c9e22a74 (diff)
parent	c4fec89a9bac0228f6fac6ab2e8547132b57cc98 (diff)
download	invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.tar.gz invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.tar.bz2 invidious-80ffc442f2aad08f00f9e83ce34c60311ba35b33.zip