Merge pull request #767 from transloadit/noopener

`rel="noopener noreferrer"` should be added to links containing `target="_blank"`

src/plugins/Dashboard/Dashboard.js

@@ -23,7 +23,7 @@ const renderInnerPanel = (props) => {
 }
 
 const poweredByUppy = (props) => {
-  return <a href="https://uppy.io" target="_blank" class="uppy-Dashboard-poweredBy">Powered by <svg aria-hidden="true" class="uppy-Dashboard-poweredByIcon" width="12" height="12" viewBox="0 0 12 12" xmlns="http://www.w3.org/2000/svg">
+  return <a href="https://uppy.io" rel="noreferrer noopener" target="_blank" class="uppy-Dashboard-poweredBy">Powered by <svg aria-hidden="true" class="uppy-Dashboard-poweredByIcon" width="12" height="12" viewBox="0 0 12 12" xmlns="http://www.w3.org/2000/svg">
     <path fill-rule="nonzero" d="M8.57 7.554v4.149H3.424V7.554H0L6 0l6 7.554H8.57z" />
   </svg><span class="uppy-Dashboard-poweredByUppy">Uppy</span></a>
 }

src/plugins/Dashboard/FileItem.js

@@ -60,7 +60,7 @@ module.exports = function fileItem (props) {
     <div class="uppy-DashboardItem-preview">
       <div class="uppy-DashboardItem-previewInnerWrap" style={{ backgroundColor: getFileTypeIcon(file.type).color }}>
         {props.showLinkToFileUploadResult && file.uploadURL
-          ? <a class="uppy-DashboardItem-previewLink" href={file.uploadURL} target="_blank" />
+          ? <a class="uppy-DashboardItem-previewLink" href={file.uploadURL} rel="noreferrer noopener" target="_blank" />
           : null
         }
         <FilePreview file={file} />
@@ -92,7 +92,7 @@ module.exports = function fileItem (props) {
     <div class="uppy-DashboardItem-info">
       <h4 class="uppy-DashboardItem-name" title={fileName}>
         {props.showLinkToFileUploadResult && file.uploadURL
-          ? <a href={file.uploadURL} target="_blank">
+          ? <a href={file.uploadURL} rel="noreferrer noopener" target="_blank">
             {file.extension ? truncatedFileName + '.' + file.extension : truncatedFileName}
           </a>
           : file.extension ? truncatedFileName + '.' + file.extension : truncatedFileName

src/views/ProviderView/index.js

@@ -485,6 +485,7 @@ module.exports = class ProviderView {
     const link = `${this.Provider.authUrl()}?state=${authState}`
 
     const authWindow = window.open(link, '_blank')
+    authWindow.opener = null
     const checkAuth = () => {
       let authWindowUrl
 

website/src/examples/transloadit/index.ejs

@@ -6,7 +6,7 @@ order: 5
 ---
 
 {% blockquote %}
-Transloadit is the inventor of <a href="https://tus.io" target="_blank">tus.io</a> and Uppy. Besides a robust encoding platform, Transloadit offers hosted versions of tusd and Uppy Server. This means you can enjoy video encoding, watermarking, face detection, resumable file uploads, fetching from Instagram, etc — all without running a single server yourself.
+Transloadit is the inventor of <a href="https://tus.io" rel="noreferrer noopener" target="_blank">tus.io</a> and Uppy. Besides a robust encoding platform, Transloadit offers hosted versions of tusd and Uppy Server. This means you can enjoy video encoding, watermarking, face detection, resumable file uploads, fetching from Instagram, etc — all without running a single server yourself.
 
 This example demonstrates how to unlock Transloadit’s features within Uppy.
 {% endblockquote %}
@@ -20,11 +20,11 @@ This example demonstrates how to unlock Transloadit’s features within Uppy.
 </p>
 <ol>
   <li>
-    <a href="https://transloadit.com/signup/" target="_blank">Claim your account</a>. It will activate instantly. You can also signup via GitHub to avoid password hassle.
+    <a href="https://transloadit.com/signup/" rel="noreferrer noopener" target="_blank">Claim your account</a>. It will activate instantly. You can also signup via GitHub to avoid password hassle.
   </li>
   <li>
      Copy the API Key that you can find on
-    <a href="https://transloadit.com/accounts/credentials" target="_blank">this page</a> and paste it below.
+    <a href="https://transloadit.com/accounts/credentials" rel="noreferrer noopener" target="_blank">this page</a> and paste it below.
   </li>
   <li>
     Happy encoding &amp; fetching from Instagram :)

website/themes/uppy/layout/example.ejs

@@ -49,6 +49,6 @@
   </script>
 
   <div class="footer">Caught a mistake or want to contribute to the documentation?
-     <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" target="_blank">Edit/fork this page directly on Github</a>!
+     <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" rel="noreferrer noopener" target="_blank">Edit/fork this page directly on Github</a>!
   </div>
 </div>

website/themes/uppy/layout/index.ejs

@@ -74,9 +74,9 @@
 </section>
 
 <footer class="IndexFooter">
-  <p>Released under the <a href="http://opensource.org/licenses/MIT" target="_blank">MIT License</a></p>
+  <p>Released under the <a href="http://opensource.org/licenses/MIT" rel="noreferrer noopener" target="_blank">MIT License</a></p>
   <p>This site borrows heavily from Evan You's excellent <a href="https://github.com/vuejs/vuejs.org">Vue.js</a> (<a href="https://github.com/transloadit/uppy/blob/master/website/VUEORG_LICENSE">LICENSE</a>) (he <a href="https://twitter.com/youyuxi/status/672441843183960067">approves</a>)</p>
-  <p>© <%- date(Date.now(), 'YYYY') %> <a href="https://transloadit.com" target="_blank">Transloadit</a></p>
+  <p>© <%- date(Date.now(), 'YYYY') %> <a href="https://transloadit.com" rel="noreferrer noopener" target="_blank">Transloadit</a></p>
 </footer>
 
 <link href="https://transloadit.edgly.net/releases/uppy/v0.24.2/dist/uppy.min.css" rel="stylesheet">

website/themes/uppy/layout/page.ejs

@@ -15,6 +15,6 @@
       </div>
     <% } %>
     <div class="footer">Caught a mistake or want to contribute to the documentation?
-       <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" target="_blank">Edit/fork this page directly on Github</a>!
+       <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" rel="noreferrer noopener" target="_blank">Edit/fork this page directly on Github</a>!
     </div>
 </div>

website/themes/uppy/layout/partials/blog.ejs

@@ -5,7 +5,7 @@
   <div class="list">
       <h2>
           Recent Posts
-          <a href="/atom.xml" target="_blank" style="vertical-align: middle; margin-left: 5px">
+          <a href="/atom.xml" rel="noreferrer noopener" target="_blank" style="vertical-align: middle; margin-left: 5px">
               <img src="/images/feed.png" style="width:15px;height:15px">
           </a>
       </h2>

website/themes/uppy/layout/partials/community_dropdown.ejs

@@ -1,8 +1,8 @@
 <li class="nav-dropdown-container">
   <a class="nav-link">Community</a><span class="arrow"></span>
   <ul class="nav-dropdown">
-    <li><a href="https://github.com/transloadit/uppy" class="nav-link" target="_blank">GitHub</a></li>
-    <li><a href="https://gitter.im/transloadit/uppy" class="nav-link" target="_blank">Chat</a></li>
-    <li><a href="https://twitter.com/uppy_io" class="nav-link" target="_blank">Twitter</a></li>
+    <li><a href="https://github.com/transloadit/uppy" class="nav-link" rel="noreferrer noopener" target="_blank">GitHub</a></li>
+    <li><a href="https://gitter.im/transloadit/uppy" class="nav-link" rel="noreferrer noopener" target="_blank">Chat</a></li>
+    <li><a href="https://twitter.com/uppy_io" class="nav-link" rel="noreferrer noopener" target="_blank">Twitter</a></li>
   </ul>
 </li>

website/themes/uppy/layout/post.ejs

@@ -5,7 +5,7 @@
     <div class="list">
         <h2>
             Recent Posts
-            <a href="/atom.xml" target="_blank" style="vertical-align: middle; margin-left: 5px">
+            <a href="/atom.xml" rel="noreferrer noopener" target="_blank" style="vertical-align: middle; margin-left: 5px">
                 <img src="/images/feed.png" style="width:15px;height:15px">
             </a>
         </h2>

website/themes/uppy/layout/stats.ejs

@@ -59,7 +59,7 @@
   </a>
 
   <div class="footer">Caught a mistake or want to contribute to the documentation?
-    <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" target="_blank">
+    <a href="https://github.com/transloadit/uppy/blob/master/website/src/<%- page.source %>" rel="noreferrer noopener" target="_blank">
       Edit/fork this page directly on Github
     </a>!
   </div>