Merge pull request #634 from roiLeo/fix/securiry/_blank

fix(security): rel on target _blank link

src/components/landing/Tutorials.vue

@@ -17,6 +17,7 @@
                   <!-- <router-link :to="{name: 'createAccount'}"> -->
                   <a
                     target="_blank"
+                    rel="noopener noreferrer"
                     href="https://www.youtube.com/watch?v=iG8iQrONnYo"
                   >
                     <b-button type="is-primary" class="mb-6">
@@ -27,6 +28,7 @@
                   <!-- <router-link :to="{name: 'createAccount'}"> -->
                   <a
                     target="_blank"
+                    rel="noopener noreferrer"
                     href="https://www.youtube.com/watch?v=cYaZWDzU1Yc"
                   >
                     <b-button type="is-primary" class="mb-6">
@@ -37,6 +39,7 @@
                   <!-- <router-link :to="{name: 'createAccount'}"> -->
                   <a
                     target="_blank"
+                    rel="noopener noreferrer"
                     href="https://www.youtube.com/watch?v=pPsbQyJRGVQ"
                   >
                     <b-button type="is-primary" class="mb-6">

src/components/rmrk/Credit/Credit.vue

@@ -18,7 +18,9 @@
         + `&hostLogoUrl=https://nft.kodadot.xyz/kodadot_logo_v1_transparent_400px.png`
         + `&finalUrl=https://nft.kodadot.xyz`
         + `hostApiKey=a99bfvomhhbvzy6thaycxbawz7d3pssuz2a8hsrc`"
-        target="_blank" >
+        target="_blank"
+        rel="noopener noreferrer"
+      >
         Buy Kusama
       </b-button><br>
     </div>

src/components/rmrk/Gallery/Item/Facts.vue

@@ -40,7 +40,7 @@
             <ol>
               <li v-for="gw in gwList"
               :key="gw">
-                <a :href="gw+imageId" target="_blank">Gateway</a>
+                <a :href="gw+imageId" target="_blank" rel="noopener noreferrer">Gateway</a>
               </li>
             </ol>
           </p>

src/components/rmrk/Media/Unknown.vue

@@ -1,6 +1,6 @@
 <template>
   <div>
-    <a :href="src" target="_blank">Unknown animated media, click to download</a>
+    <a :href="src" target="_blank" rel="noopener noreferrer">Unknown animated media, click to download</a>
   </div>
 </template>
 

src/components/rmrk/Profile/NavbarProfileDropdown.vue

@@ -32,13 +32,13 @@
       </b-dropdown-item>
       <hr class="dropdown-divider" aria-role="menuitem" />
       <b-dropdown-item has-link aria-role="menuitem">
-        <a href="https://twitter.com/kodadot" target="_blank" class="is-flex is-align-items-center pl-3">
+        <a href="https://twitter.com/kodadot" target="_blank" rel="noopener noreferrer" class="is-flex is-align-items-center pl-3">
           <b-icon pack="fab" icon="twitter" class="mr-1"> </b-icon>
           <strong>KodaDot</strong>
         </a>
       </b-dropdown-item>
       <b-dropdown-item has-link aria-role="menuitem">
-        <a href="https://discord.gg/u6ymnbz4PR" target="_blank" class="is-flex is-align-items-center pl-3">
+        <a href="https://discord.gg/u6ymnbz4PR" target="_blank" rel="noopener noreferrer" class="is-flex is-align-items-center pl-3">
           <b-icon pack="fab" icon="discord" class="mr-1"> </b-icon>
           <strong>Discord</strong>
         </a>

src/components/rmrk/Profile/ProfileLink.vue

@@ -3,7 +3,7 @@
     <LinkResolver class="profile-link__wrapper" route="profile" :param="address" link="u">
       <Identity :address="address" :inline="true" :verticalAlign="true" />
       <template v-slot:extra>
-        <a :href="`https://kusama.subscan.io/account/${address}`" target="_blank">
+        <a :href="`https://kusama.subscan.io/account/${address}`" target="_blank" rel="noopener noreferrer">
           <figure class="image is-24x24 subscan__less-margin">
             <img alt="subscan" :src="require('@/assets/subscan.svg')" />
           </figure>

src/components/shared/Card.vue

@@ -9,7 +9,7 @@
           role="button"
           aria-controls="contentIdForA11y3">
           <p class="card-header-title">
-            <a :href="getExplorerUrl(nature)"  target="_blank">
+            <a :href="getExplorerUrl(nature)"  target="_blank" rel="noopener noreferrer">
               🧊 {{nature}}</a>
           </p>
           <a class="card-header-icon">
@@ -20,7 +20,7 @@
         </div>
         <div class="card-content">
           <div class="content truncate">
-            <a :href="getExplorerUrl(natureDesc)" target="_blank">
+            <a :href="getExplorerUrl(natureDesc)" target="_blank" rel="noopener noreferrer">
               {{natureDesc}}</a>
           </div>
         </div>

src/components/shared/LinkResolver.vue

@@ -7,7 +7,7 @@
       <slot name="extra" />
     </template>
     <template v-else>
-      <a :href="hrefLink" target="_blank" rel="noopener">
+      <a :href="hrefLink" target="_blank" rel="noopener noreferrer">
         <slot />
       </a>
     </template>

src/components/shared/accounts/Keypair.vue

@@ -73,7 +73,7 @@
             <router-link :to="{name:'transferFrom', params:{ from: address}}">
               <b-button type="is-dark" icon-left="paper-plane" outlined>Send</b-button>
             </router-link>
-            <a :href="getExplorerUrl(address)" target="_blank">
+            <a :href="getExplorerUrl(address)" target="_blank" rel="noopener noreferrer">
               <b-button type="is-dark" icon-left="external-link-alt" outlined>View</b-button>
             </a>
           </b-field>
@@ -86,7 +86,7 @@
             <router-link :to="{name:'transferTo', params:{ to: address}}">
               <b-button type="is-dark" icon-left="paper-plane" outlined>Deposit</b-button>
             </router-link>
-            <a :href="getExplorerUrl(address)" target="_blank">
+            <a :href="getExplorerUrl(address)" target="_blank" rel="noopener noreferrer">
               <b-button type="is-dark" icon-left="external-link-alt" outlined>View</b-button>
             </a>
           </b-field>

src/components/shared/format/ExternalLink.vue

@@ -1,5 +1,5 @@
 <template>
-  <a :href="id ? url+id : url" target="_blank">
+  <a :href="id ? url+id : url" target="_blank" rel="noopener noreferrer">
      <slot></slot>
   </a>
 </template>

src/components/subsocial/FaucetLink.vue

@@ -1,5 +1,5 @@
 <template>
-  <a v-if="!email" href="https://app.subsocial.network/faucet" target="_blank">{{ $t('subsocial.faucet') }}</a>
+  <a v-if="!email" href="https://app.subsocial.network/faucet" target="_blank" rel="noopener noreferrer">{{ $t('subsocial.faucet') }}</a>
   <a v-else @click="askFaucet" type="is-ghost">{{ $t('subsocial.autoFaucet') }}</a>
 </template>
 

src/components/transfer/Transfer.vue

@@ -28,7 +28,7 @@
         @click="shipIt">
 				Make Transfer
       </b-button>
-      <b-button v-if="tx" tag="a" target="_blank" :href="getExplorerUrl(tx)"
+      <b-button v-if="tx" tag="a" target="_blank" rel="noopener noreferrer" :href="getExplorerUrl(tx)"
         icon-left="external-link-alt">
         View {{ tx.slice(0, 10) }}
       </b-button>

src/views/Profile.vue

@@ -5,8 +5,12 @@
         <div class="columns">
           <div class="column title">
             <b-icon pack="fas" icon="ghost"></b-icon>
-            <a :href="`https://kusama.subscan.io/account/${id}`" target="_blank"
-              ><Identity ref="identity" :address="id" inline emit @change="handleIdentity" />
+            <a
+              :href="`https://kusama.subscan.io/account/${id}`"
+              target="_blank"
+              rel="noopener noreferrer"
+            >
+              <Identity ref="identity" :address="id" inline emit @change="handleIdentity" />
             </a>
           </div>
           <div class="column">