diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 00f919cc9..8dc24c08b 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -6,6 +6,7 @@ Changelog * Added support for Python 3.7 (Matt Westcott) * Fix: Query objects returned from `PageQuerySet.type_q` can now be merged with `|` (Brady Moe) + * Fix: Add `rel="noopener noreferrer"` to target blank links (Anselm Bradford) 2.3 LTS (23.10.2018) diff --git a/client/src/components/Button/Button.test.js b/client/src/components/Button/Button.test.js index eb69fe977..f82bf2fe6 100644 --- a/client/src/components/Button/Button.test.js +++ b/client/src/components/Button/Button.test.js @@ -25,7 +25,7 @@ describe('Button', () => { }); it('#target', () => { - expect(shallow( {% if widget.show_edit_link %} -
  • {{ widget.link_to_chosen_text }}
    • +
  • {{ widget.link_to_chosen_text }}
    • {% endif %} diff --git a/wagtail/admin/tests/test_buttons_hooks.py b/wagtail/admin/tests/test_buttons_hooks.py index 53d8bbc9e..96a9e1948 100644 --- a/wagtail/admin/tests/test_buttons_hooks.py +++ b/wagtail/admin/tests/test_buttons_hooks.py @@ -59,7 +59,7 @@ class TestButtonsHooks(TestCase, WagtailTestUtils): page=page, page_perms=page_perms, is_parent=is_parent, - attrs={'target': '_blank'}, + attrs={'target': '_blank', 'rel': 'noopener noreferrer'}, priority=50 ) diff --git a/wagtail/admin/tests/test_edit_handlers.py b/wagtail/admin/tests/test_edit_handlers.py index 6b47dee36..46d5a06a6 100644 --- a/wagtail/admin/tests/test_edit_handlers.py +++ b/wagtail/admin/tests/test_edit_handlers.py @@ -674,7 +674,7 @@ class TestPageChooserPanel(TestCase): self.assertIn('

    help text

    ', result) self.assertIn('Christmas', result) self.assertIn( - '' + '' 'Edit this page' % self.christmas_page.id, result) diff --git a/wagtail/admin/tests/test_pages_views.py b/wagtail/admin/tests/test_pages_views.py index 179b96a2f..8447c2b00 100644 --- a/wagtail/admin/tests/test_pages_views.py +++ b/wagtail/admin/tests/test_pages_views.py @@ -1912,8 +1912,8 @@ class TestPageEdit(TestCase, WagtailTestUtils): response = self.client.get(reverse('wagtailadmin_pages:edit', args=(self.child_page.id, ))) - link_to_draft = 'live + draft' - link_to_live = 'live + draft' + link_to_draft = 'live + draft' + link_to_live = 'live + draft' input_field_for_draft_slug = '' input_field_for_live_slug = '' @@ -1935,8 +1935,8 @@ class TestPageEdit(TestCase, WagtailTestUtils): response = self.client.get(reverse('wagtailadmin_pages:edit', args=(self.single_event_page.id, ))) - link_to_draft = 'live + draft' - link_to_live = 'live + draft' + link_to_draft = 'live + draft' + link_to_live = 'live + draft' input_field_for_draft_slug = '' input_field_for_live_slug = '' diff --git a/wagtail/admin/wagtail_hooks.py b/wagtail/admin/wagtail_hooks.py index b2ff4a5ce..e2ce2a28b 100644 --- a/wagtail/admin/wagtail_hooks.py +++ b/wagtail/admin/wagtail_hooks.py @@ -110,14 +110,14 @@ def page_listing_buttons(page, page_perms, is_parent=False): yield PageListingButton( _('View draft'), reverse('wagtailadmin_pages:view_draft', args=[page.id]), - attrs={'title': _("Preview draft version of '{title}'").format(title=page.get_admin_display_title()), 'target': '_blank'}, + attrs={'title': _("Preview draft version of '{title}'").format(title=page.get_admin_display_title()), 'target': '_blank', 'rel': 'noopener noreferrer'}, priority=20 ) if page.live and page.url: yield PageListingButton( _('View live'), page.url, - attrs={'target': "_blank", 'title': _("View live version of '{title}'").format(title=page.get_admin_display_title())}, + attrs={'target': "_blank", 'rel': 'noopener noreferrer', 'title': _("View live version of '{title}'").format(title=page.get_admin_display_title())}, priority=30 ) if page_perms.can_add_subpage(): @@ -143,7 +143,7 @@ def page_listing_buttons(page, page_perms, is_parent=False): page=page, page_perms=page_perms, is_parent=is_parent, - attrs={'target': '_blank', 'title': _("View more options for '{title}'").format(title=page.get_admin_display_title())}, + attrs={'target': '_blank', 'rel': 'noopener noreferrer', 'title': _("View more options for '{title}'").format(title=page.get_admin_display_title())}, priority=50 ) diff --git a/wagtail/snippets/templates/wagtailsnippets/chooser/results.html b/wagtail/snippets/templates/wagtailsnippets/chooser/results.html index da6fe39d7..5f52e8110 100644 --- a/wagtail/snippets/templates/wagtailsnippets/chooser/results.html +++ b/wagtail/snippets/templates/wagtailsnippets/chooser/results.html @@ -18,6 +18,6 @@

    {% blocktrans %}Sorry, no snippets match "{{ query_string }}"{% endblocktrans %}

    {% else %} {% url 'wagtailsnippets:add' model_opts.app_label model_opts.model_name as wagtailsnippets_create_snippet_url %} -

    {% blocktrans with snippet_type_name=model_opts.verbose_name %}You haven't created any {{ snippet_type_name }} snippets. Why not create one now?{% endblocktrans %}

    +

    {% blocktrans with snippet_type_name=model_opts.verbose_name %}You haven't created any {{ snippet_type_name }} snippets. Why not create one now?{% endblocktrans %}

    {% endif %} {% endif %}