Commit

Merge pull request #2259 from bookwyrm-social/links
Improves rel attrs on links that open on new tabs
mouse-reeve committed Aug 5, 2022
2 parents e5611c7 + 7c7df99 commit 1518dbb
Showing 23 changed files with 100 additions and 33 deletions.
9 changes: 7 additions & 2 deletions bookwyrm/templates/about/about.html
Expand Up @@ -23,7 +23,9 @@ <h2>
<p class="subtitle notification has-background-primary-highlight">
{% blocktrans trimmed with site_name=site.name %}
{{ site_name }} is part of <em>BookWyrm</em>, a network of independent, self-directed communities for readers.
While you can interact seamlessly with users anywhere in the <a href="https://joinbookwyrm.com/instances/" target="_blank">BookWyrm network</a>, this community is unique.
While you can interact seamlessly with users anywhere in the
<a href="https://joinbookwyrm.com/instances/" target="_blank" rel="nofollow noopener noreferrer">BookWyrm network</a>,
this community is unique.
{% endblocktrans %}
</p>
</div>
Expand Down Expand Up @@ -88,7 +90,10 @@ <h2>
</div>

<p>
{% trans "Track your reading, talk about books, write reviews, and discover what to read next. Always ad-free, anti-corporate, and community-oriented, BookWyrm is human-scale software, designed to stay small and personal. If you have feature requests, bug reports, or grand dreams, <a href='https://joinbookwyrm.com/get-involved' target='_blank'>reach out</a> and make yourself heard." %}
{% blocktrans trimmed %}
Track your reading, talk about books, write reviews, and discover what to read next. Always ad-free, anti-corporate, and community-oriented, BookWyrm is human-scale software, designed to stay small and personal.
If you have feature requests, bug reports, or grand dreams, <a href="https://joinbookwyrm.com/get-involved" target="_blank" rel="nofollow noopener noreferrer">reach out</a> and make yourself heard.
{% endblocktrans %}
</p>

</section>
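Review bot: in the `<p>` that moves from `{% trans %}` to `{% blocktrans trimmed %}`, the msgid changes (the tag switch, the single to double quotes on the `<a>` attributes, and the added `rel`), so existing translations of this paragraph will no longer match. Regenerate the message catalogs together with this change; otherwise translated instances fall back to the English text here.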
Expand Down
12 changes: 6 additions & 6 deletions bookwyrm/templates/author/author.html
Expand Up @@ -66,15 +66,15 @@ <h2 class="title is-4">{% trans "External links" %}</h2>
<div class="box">
{% if author.wikipedia_link %}
<div>
<a itemprop="sameAs" href="{{ author.wikipedia_link }}" rel="noopener noreferrer" target="_blank">
<a itemprop="sameAs" href="{{ author.wikipedia_link }}" rel="nofollow noopener noreferrer" target="_blank">
{% trans "Wikipedia" %}
</a>
</div>
{% endif %}

{% if author.isni %}
<div class="mt-1">
<a itemprop="sameAs" href="{{ author.isni_link }}" rel="noopener noreferrer" target="_blank">
<a itemprop="sameAs" href="{{ author.isni_link }}" rel="nofollow noopener noreferrer" target="_blank">
{% trans "View ISNI record" %}
</a>
</div>
Expand All @@ -83,7 +83,7 @@ <h2 class="title is-4">{% trans "External links" %}</h2>
{% trans "Load data" as button_text %}
{% if author.openlibrary_key %}
<div class="mt-1 is-flex">
<a class="mr-3" itemprop="sameAs" href="{{ author.openlibrary_link }}" target="_blank" rel="noopener noreferrer">
<a class="mr-3" itemprop="sameAs" href="{{ author.openlibrary_link }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on OpenLibrary" %}
</a>
{% if request.user.is_authenticated and perms.bookwyrm.edit_book %}
Expand All @@ -98,7 +98,7 @@ <h2 class="title is-4">{% trans "External links" %}</h2>

{% if author.inventaire_id %}
<div class="mt-1 is-flex">
<a class="mr-3" itemprop="sameAs" href="{{ author.inventaire_link }}" target="_blank" rel="noopener noreferrer">
<a class="mr-3" itemprop="sameAs" href="{{ author.inventaire_link }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on Inventaire" %}
</a>

Expand All @@ -114,15 +114,15 @@ <h2 class="title is-4">{% trans "External links" %}</h2>

{% if author.librarything_key %}
<div class="mt-1">
<a itemprop="sameAs" href="https://www.librarything.com/author/{{ author.librarything_key }}" target="_blank" rel="noopener noreferrer">
<a itemprop="sameAs" href="https://www.librarything.com/author/{{ author.librarything_key }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on LibraryThing" %}
</a>
</div>
{% endif %}

{% if author.goodreads_key %}
<div>
<a itemprop="sameAs" href="https://www.goodreads.com/author/show/{{ author.goodreads_key }}" target="_blank" rel="noopener noreferrer">
<a itemprop="sameAs" href="https://www.goodreads.com/author/show/{{ author.goodreads_key }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on Goodreads" %}
</a>
</div>
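Review bot: the `rel` string on the LibraryThing and Goodreads anchors is hand-edited, like the four anchors above them in this file, and the file already uses two attribute orders (`rel` before `target` and after it). Consider a template lint or test that fails on `target="_blank"` without `noopener`, or a shared include for external links, so the policy lives in one place instead of on every anchor.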
Expand Down
4 changes: 2 additions & 2 deletions bookwyrm/templates/book/book.html
Expand Up @@ -131,7 +131,7 @@ <h1 class="title" itemprop="name">
{% trans "Load data" as button_text %}
{% if book.openlibrary_key %}
<p>
<a href="{{ book.openlibrary_link }}" target="_blank" rel="noopener noreferrer">
<a href="{{ book.openlibrary_link }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on OpenLibrary" %}
</a>
{% if request.user.is_authenticated and perms.bookwyrm.edit_book %}
Expand All @@ -145,7 +145,7 @@ <h1 class="title" itemprop="name">
{% endif %}
{% if book.inventaire_id %}
<p>
<a href="{{ book.inventaire_link }}" target="_blank" rel="noopener noreferrer">
<a href="{{ book.inventaire_link }}" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View on Inventaire" %}
</a>

Expand Down
10 changes: 7 additions & 3 deletions bookwyrm/templates/book/edit/edit_book.html
Expand Up @@ -78,9 +78,13 @@ <h2 class="title is-4">{% trans "Confirm Book Info" %}</h2>
<p class="help ml-5 mb-2">
{% with book_title=match.book_set.first.title alt_title=match.bio %}
{% if book_title %}
<a href="{{ match.local_path }}" target="_blank">{% trans "Author of " %}<em>{{ book_title }}</em></a>
{% else %}
<a href="{{ match.id }}" target="_blank">{% if alt_title %}{% trans "Author of " %}<em>{{ alt_title }}</em>{% else %} {% trans "Find more information at isni.org" %}{% endif %}</a>
<a href="{{ match.local_path }}" target="_blank" rel="nofollow noopener noreferrer">{% blocktrans trimmed %}
Author of <em>{{ book_title }}</em>
{% endblocktrans %}</a>
{% else %}
<a href="{{ match.id }}" target="_blank" rel="nofollow noopener noreferrer">{% if alt_title %}{% blocktrans trimmed %}
Author of <em>{{ alt_title }}</em>
{% endblocktrans %}{% else %}{% trans "Find more information at isni.org" %}{% endif %}</a>
{% endif %}
{% endwith %}
</p>
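Review bot: on the `{% else %}` anchor, `href="{{ match.id }}"` uses an identifier as the link target, and `rel` only limits what the opened page can do to its opener and which referrer it receives; it does not constrain the URL scheme. Please confirm `match.id` is always an http(s) URL where it is populated, or check the scheme before rendering the anchor. On the first anchor, `match.local_path` is a same-site path, so `nofollow noreferrer` is not needed there, though it is harmless.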
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/book/file_links/edit_links.html
Expand Up @@ -39,7 +39,7 @@ <h1 class="title">
{% for link in links %}
<tr>
<td class="overflow-wrap-anywhere">
<a href="{{ link.url }}" target="_blank" rel="noopener noreferrer">{{ link.url }}</a>
<a href="{{ link.url }}" target="_blank" rel="nofollow noopener noreferrer">{{ link.url }}</a>
</td>
<td>
{% if link.added_by %}
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/book/file_links/links.html
Expand Up @@ -28,7 +28,7 @@ <h2 class="title is-5">{% trans "Get a copy" %}</h2>
{% for link in links.all %}
{% join "verify" link.id as verify_modal %}
<li>
<a href="{{ link.url }}" rel="noopener noreferrer" target="_blank" title="{{ link.url }}" data-modal-open="{{ verify_modal }}">{{ link.name }}</a>
<a href="{{ link.url }}" rel="nofollow noopener noreferrer" target="_blank" title="{{ link.url }}" data-modal-open="{{ verify_modal }}">{{ link.name }}</a>
({{ link.filetype }})

{% if link.availability != "free" %}
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/book/file_links/verification_modal.html
Expand Up @@ -23,7 +23,7 @@
</div>

<button type="button" class="button" data-modal-close>{% trans "Cancel" %}</button>
<a href="{{ link.url }}" target="_blank" rel="noopener noreferrer" class="button is-primary">{% trans "Continue" %}</a>
<a href="{{ link.url }}" target="_blank" rel="nofollow noopener noreferrer" noreferrer" class="button is-primary">{% trans "Continue" %}</a>
{% endif %}

{% endblock %}
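Review bot: the `Continue` anchor ends up with a malformed attribute list: `rel="nofollow noopener noreferrer" noreferrer"` leaves a stray ` noreferrer"` after the closing quote. Browsers will most likely recover by treating it as a junk attribute, but the markup is invalid; the tag should read `rel="nofollow noopener noreferrer" class="button is-primary"`.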
6 changes: 5 additions & 1 deletion bookwyrm/templates/import/import.html
Expand Up @@ -39,7 +39,11 @@ <h1 class="title">{% trans "Import Books" %}</h1>
</div>

<p class="help" id="desc_source">
{% trans 'You can download your Goodreads data from the <a href="https://www.goodreads.com/review/import" target="_blank" rel="noopener noreferrer">Import/Export page</a> of your Goodreads account.' %}
{% blocktrans trimmed %}
You can download your Goodreads data from the
<a href="https://www.goodreads.com/review/import" target="_blank" rel="nofollow noopener noreferrer">Import/Export page</a>
of your Goodreads account.
{% endblocktrans %}
</p>
</div>

Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/import/import_status.html
Expand Up @@ -169,7 +169,7 @@ <h1 class="title">
<p>{{ item.review|truncatechars:100 }}</p>
{% endif %}
{% if item.linked_review %}
<a href="{{ item.linked_review.remote_id }}" target="_blank">{% trans "View imported review" %}</a>
<a href="{{ item.linked_review.remote_id }}" target="_blank" rel="nofollow noopener noreferrer">{% trans "View imported review" %}</a>
{% endif %}
</td>
{% block import_cols %}
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/import/manual_review.html
Expand Up @@ -42,7 +42,7 @@
<div class="columns is-mobile">
{% with guess=item.book_guess %}
<div class="column is-narrow">
<a href="{{ item.book.local_path }}" target="_blank">
<a href="{{ item.book.local_path }}" target="_blank" rel="nofollow noopener noreferrer">
{% include 'snippets/book_cover.html' with book=guess cover_class='is-h-s' size='small' %}
</a>
</div>
Expand Down
10 changes: 8 additions & 2 deletions bookwyrm/templates/layout.html
Expand Up @@ -200,11 +200,17 @@
{% if site.support_link %}
<p>
<span class="icon icon-heart"></span>
{% blocktrans with site_name=site.name support_link=site.support_link support_title=site.support_title %}Support {{ site_name }} on <a href="{{ support_link }}" target="_blank">{{ support_title }}</a>{% endblocktrans %}
{% blocktrans trimmed with site_name=site.name support_link=site.support_link support_title=site.support_title %}
Support {{ site_name }} on
<a href="{{ support_link }}" target="_blank" rel="nofollow noopener noreferrer">{{ support_title }}</a>
{% endblocktrans %}
</p>
{% endif %}
<p>
{% blocktrans %}BookWyrm's source code is freely available. You can contribute or report issues on <a href="https://github.com/mouse-reeve/bookwyrm">GitHub</a>.{% endblocktrans %}
{% blocktrans trimmed %}
BookWyrm's source code is freely available. You can contribute or report issues on
<a href="https://github.com/bookwyrm-social/bookwyrm" target="_blank" rel="nofollow noopener noreferrer">GitHub</a>.
{% endblocktrans %}
</p>
</div>
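Review bot: the GitHub link in the second `<p>` changes more than `rel`: the repository URL moves from `mouse-reeve/bookwyrm` to `bookwyrm-social/bookwyrm`, and the link gains `target="_blank"`, so it now opens a new tab where it previously did not. Both look intentional, but neither is covered by the commit title, so please call them out in the description. Both paragraphs also switch to `blocktrans trimmed`, which changes their msgids and needs a catalog refresh.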
{% if site.footer_item %}
Expand Down
9 changes: 8 additions & 1 deletion bookwyrm/templates/ostatus/remote_follow_button.html
Expand Up @@ -4,7 +4,14 @@

<div class="field mb-0">
<div class="control">
<a class="button is-small is-link" href="{% url 'remote-follow-page' %}?user={{ user.username }}" target="_blank" rel="noopener noreferrer" onclick="BookWyrm.displayPopUp(`{% url 'remote-follow-page' %}?user={{ user.username }}`, `remoteFollow`); return false;" aria-describedby="remote_follow_warning">
<a
class="button is-small is-link"
href="{% url 'remote-follow-page' %}?user={{ user.username }}"
target="_blank"
rel="nofollow noopener noreferrer"
onclick="BookWyrm.displayPopUp(`{% url 'remote-follow-page' %}?user={{ user.username }}`, `remoteFollow`); return false;"
aria-describedby="remote_follow_warning"
>
{% blocktrans with username=user.localname %}Follow on Fediverse{% endblocktrans %}
</a>
</div>
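Review bot: on the remote-follow anchor, `onclick` calls `BookWyrm.displayPopUp(...)` and returns false, so `href`, `target` and `rel` only apply when the handler does not run; `rel` has no effect on a window opened from script. If `displayPopUp` uses `window.open`, pass `noopener` in its features there as well. The URL is also built twice; reading `this.href` in the handler would avoid interpolating `{{ user.username }}` into a JavaScript template literal.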
Expand Down
8 changes: 6 additions & 2 deletions bookwyrm/templates/search/book.html
Expand Up @@ -42,7 +42,11 @@
<summary class="is-flex is-align-items-center is-flex-wrap-wrap is-gap-2 remote-book-search-result" id="tour-remote-search-result">
<span class="mb-0 title is-5">
{% trans 'Results from' %}
<a href="{{ result_set.connector.base_url }}" target="_blank">{{ result_set.connector.name|default:result_set.connector.identifier }}</a>
<a
href="{{ result_set.connector.base_url }}"
target="_blank"
rel="nofollow noopener noreferrer"
>{{ result_set.connector.name|default:result_set.connector.identifier }}</a>
</span>

<span class="details-close icon icon-x" aria-hidden="true"></span>
Expand All @@ -63,7 +67,7 @@
<strong>
<a
href="{{ result.view_link|default:result.key }}"
rel="noopener noreferrer"
rel="nofollow noopener noreferrer"
target="_blank"
>{{ result.title }}</a>
</strong>
Expand Down
Expand Up @@ -59,7 +59,9 @@
<div class="field">
<label class="label" for="id_file">JSON data:</label>
<aside class="help">
Expects a json file in the format provided by <a href="https://fediblock.org/" target="_blank" rel="noopener noreferrer">FediBlock</a>, with a list of entries that have <code>instance</code> and <code>url</code> fields. For example:
{% blocktrans trimmed %}
Expects a json file in the format provided by <a href="https://fediblock.org/" target="_blank" rel="nofollow noopener noreferrer">FediBlock</a>, with a list of entries that have <code>instance</code> and <code>url</code> fields. For example:
{% endblocktrans %}
<pre>
[
{
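Review bot: the help text is now wrapped in `{% blocktrans trimmed %}`, but the `<label>` directly above it still hard-codes `JSON data:` outside any translation tag; wrap the label in `{% trans %}` so the field is translated consistently. The translatable string also carries the full `<a ... rel="...">` markup, so a translation can alter or drop the `rel`; consider keeping the anchor attributes out of the msgid.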
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/settings/link_domains/link_domains.html
Expand Up @@ -36,7 +36,7 @@
<header class="column">
<h2 class="title is-5">
{{ domain.name }}
(<a href="http://{{ domain.domain }}" target="_blank" rel="noopener noreferrer">{{ domain.domain }}</a>)
(<a href="http://{{ domain.domain }}" target="_blank" rel="nofollow noopener noreferrer">{{ domain.domain }}</a>)
</h2>
</header>
<div class="column is-narrow">
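Review bot: the domain link hard-codes the scheme as `href="http://{{ domain.domain }}"`, so clicking through from this settings page makes a cleartext request even when the site supports HTTPS. The `rel` addition is fine; consider `https://` here, or rendering the domain as plain text in a view where the domain itself is under review.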
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/settings/link_domains/link_table.html
Expand Up @@ -12,7 +12,7 @@
{% for link in links %}
<tr>
<td class="overflow-wrap-anywhere">
<a href="{{ link.url }}" target="_blank" rel="noopener noreferrer">{{ link.url }}</a>
<a href="{{ link.url }}" target="_blank" rel="nofollow noopener noreferrer">{{ link.url }}</a>
</td>
<td>
{% if link.added_by %}
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/setup/admin.html
Expand Up @@ -51,7 +51,7 @@ <h2 class="title is-4">{% trans "Create your account" %}</h2>
{% trans "Once the instance is set up, you can promote other users to moderator or admin roles from the admin panel." %}
</p>
<p>
<a href="https://docs.joinbookwyrm.com/moderation.html" target="_blank">
<a href="https://docs.joinbookwyrm.com/moderation.html" target="_blank" rel="nofollow noopener noreferrer">
{% trans "Learn more about moderation" %}
</a>
</p>
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/setup/config.html
Expand Up @@ -144,7 +144,7 @@ <h2 class="title is-4">{% trans "Does everything look right?" %}</h2>
{% blocktrans trimmed %}
You can change your instance settings in the <code>.env</code> file on your server.
{% endblocktrans %}
<a href="https://docs.joinbookwyrm.com/install-prod.html" target="_blank">
<a href="https://docs.joinbookwyrm.com/install-prod.html" target="_blank" rel="nofollow noopener noreferrer">
{% trans "View installation instructions" %}
</a>
</p>
Expand Down
8 changes: 6 additions & 2 deletions bookwyrm/templates/setup/layout.html
Expand Up @@ -9,13 +9,17 @@
<div class="container">
<div class="navbar-brand is-flex-grow-1">
<span class="navbar-item" href="/">
<img class="image logo" src="{% if site.logo_small %}{% get_media_prefix %}{{ site.logo_small }}{% else %}{% static "images/logo-small.png" %}{% endif %}" alt="{% blocktrans with site_name=site.name %}{{ site_name }} home page{% endblocktrans %}">
<img
class="image logo"
src="{% if site.logo_small %}{% get_media_prefix %}{{ site.logo_small }}{% else %}{% static "images/logo-small.png" %}{% endif %}"
alt="{% blocktrans with site_name=site.name %}{{ site_name }} home page{% endblocktrans %}"
>
</span>
<div class="navbar-item is-align-items-start pt-5 is-flex-grow-1">
{% trans "Installing BookWyrm" %}
</div>
<div class="navbar-item is-align-items-start pt-5">
<a href="https://joinbookwyrm.com/get-involved/#dev-chat" target="_blank">{% trans "Need help?" %}</a>
<a href="https://joinbookwyrm.com/get-involved/#dev-chat" target="_blank" rel="nofollow noopener noreferrer">{% trans "Need help?" %}</a>
</div>
</div>
</div>
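Review bot: the context line `<span class="navbar-item" href="/">` carries an `href` on a `<span>`, which has no effect, while the image's alt text says "home page". Since the `<img>` is being reformatted here anyway, either make the wrapper an `<a>` or drop the `href` and adjust the alt text.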
Expand Down
1 change: 1 addition & 0 deletions bookwyrm/templates/snippets/status/content_status.html
Expand Up @@ -123,6 +123,7 @@ <h4 class="subtitle is-6">
<a
href="{% get_media_prefix %}{{ attachment.image }}"
target="_blank"
rel="nofollow noopener noreferrer"
aria-label="{% trans 'Open image in new window' %}"
>
<img
Expand Down
2 changes: 1 addition & 1 deletion bookwyrm/templates/user/user.html
Expand Up @@ -65,7 +65,7 @@ <h2 class="title">{% blocktrans %}{{ current_year }} Reading Goal{% endblocktran
<div class="columns is-mobile">
<h2 class="title column">{% trans "User Activity" %}</h2>
<div class="column is-narrow">
<a target="_blank" href="{{ user.local_path }}/rss">
<a target="_blank" href="{{ user.local_path }}/rss" rel="nofollow noopener noreferrer">
<span class="icon icon-rss" aria-hidden="true"></span>
<span class="is-hidden-mobile">{% trans "RSS feed" %}</span>
</a>
Expand Down

10 comments on commit 1518dbb

@agnihackers

@mouse-reeve @JamieSlome @maintainer Please confirm whether you are happy to assign a CVE for this; only then can the hunter.dev admin move further.

@agnihackers
@agnihackers agnihackers commented on 1518dbb Aug 6, 2022

@mouse-reeve @admin the maintainer has requested a CVE via GitHub.
Here is the link, check that:
GHSA-xq42-mq5w-m24x

So can we assign a CVE here?

@JamieSlome
Contributor

@agnihackers - it looks like the maintainer has already requested a CVE from GitHub. Please wait for this to be assigned to the advisory 👍

@agnihackers

@admin CVE-2022-35953 has been assigned for this issue, can you please add this CVE to this report (CVE ID)
https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x

@JamieSlome
Contributor

@agnihackers - sorted 👍

@agnihackers
@agnihackers agnihackers commented on 1518dbb Aug 9, 2022

@admin None of these websites have published this CVE - CVE-2022-35953

nvd.nist.gov
www.tenable.com
www.mend.io
www.cve.org

@JamieSlome
Contributor

@agnihackers - it can take some time for the CVE to be published if assigned via GitHub. Please allow a little while for it to be published into the CVE database.

@agnihackers

Okay @admin

@agnihackers

@admin waiting !!!

@JamieSlome
Contributor

@agnihackers - feel free to get in touch with GitHub Support as this CVE was assigned by them 👍