diff options
author | mattab <matthieu.aubry@gmail.com> | 2014-11-27 06:05:39 +0300 |
---|---|---|
committer | mattab <matthieu.aubry@gmail.com> | 2014-11-27 06:05:39 +0300 |
commit | 9c165f4ce96b96ac0d77d6d86ebf21ca49405f1c (patch) | |
tree | 0b1e579cc8fcb281c9d8279138666dfac69e865a /plugins/Widgetize | |
parent | edae22dc793608cc713ac11baf6cfa5706302c49 (diff) |
Fixes #3147 Add rel="noreferrer" to all outgoing links . This works in Firefox so far and only for "left clicks". Not perfect, but hopefully other browsers will implement this in the future, as it's a useful privacy enhancing feature!
Diffstat (limited to 'plugins/Widgetize')
-rw-r--r-- | plugins/Widgetize/javascripts/widgetize.js | 2 | ||||
-rw-r--r-- | plugins/Widgetize/templates/index.twig | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/plugins/Widgetize/javascripts/widgetize.js b/plugins/Widgetize/javascripts/widgetize.js index c341c7c5c3..3e7d8787b6 100644 --- a/plugins/Widgetize/javascripts/widgetize.js +++ b/plugins/Widgetize/javascripts/widgetize.js @@ -64,7 +64,7 @@ function widgetize() { '</span>' + '</div>' + '<div> <label for="embedThisWidgetDirectLink">› Direct Link</label>' + - '<span id="embedThisWidgetDirectLink"> ' + self.getInputFormWithHtml('directLinkEmbed', urlIframe) + ' - <a href="' + urlIframe + '" target="_blank">' + _pk_translate('Widgetize_OpenInNewWindow') + '</a></span>' + '<span id="embedThisWidgetDirectLink"> ' + self.getInputFormWithHtml('directLinkEmbed', urlIframe) + ' - <a href="' + urlIframe + '" rel="noreferrer" target="_blank">' + _pk_translate('Widgetize_OpenInNewWindow') + '</a></span>' + '</div>' ); diff --git a/plugins/Widgetize/templates/index.twig b/plugins/Widgetize/templates/index.twig index 4ef49917bd..4763473a62 100644 --- a/plugins/Widgetize/templates/index.twig +++ b/plugins/Widgetize/templates/index.twig @@ -35,14 +35,14 @@ <p> <strong>› Widget authentication:</strong> If you want your widgets to be viewable by everybody, you first have to set the 'view' permissions - to the anonymous user in the <a href='index.php?module=UsersManager' target='_blank'>Users Management section</a>. + to the anonymous user in the <a href='index.php?module=UsersManager' rel='noreferrer' target='_blank'>Users Management section</a>. <br/>Alternatively, if you are publishing widgets on a password protected or private page, you don't necessarily have to allow 'anonymous' to view your reports. In this case, you can add the secret token_auth parameter (found in the - <a href='{{ linkTo({'module':'API','action':'listAllAPI'}) }}' target='_blank'>API page</a>) in the widget URL. + <a href='{{ linkTo({'module':'API','action':'listAllAPI'}) }}' rel='noreferrer' target='_blank'>API page</a>) in the widget URL. </p> <p><strong>› Widgetize the full dashboard:</strong> You can also display the full Piwik dashboard in your application or website in an IFRAME - (<a href='' target='_blank' id='linkDashboardUrl'>see example</a>). + (<a href='' rel='noreferrer' target='_blank' id='linkDashboardUrl'>see example</a>). The date parameter can be set to a specific calendar date, "today", or "yesterday". The period parameter can be set to "day", "week", "month", or "year". The language parameter can be set to the language code of a translation, such as language=fr. @@ -50,7 +50,7 @@ </p> <p> - <strong>› Widgetize the all websites dashboard in an IFRAME</strong> (<a href='' target='_blank' id='linkAllWebsitesDashboardUrl'>see example</a>) + <strong>› Widgetize the all websites dashboard in an IFRAME</strong> (<a href='' rel='noreferrer' target='_blank' id='linkAllWebsitesDashboardUrl'>see example</a>) <span id='exportAllWebsitesDashboard'></span> </p> |