add noopener noreferrer to href with target _blank

Signed-off-by: Nicola Murino <[email protected]>

templates/common/login.html

@@ -90,7 +90,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 								</a>
 								{{- end}}
 								{{- if and .Branding.DisclaimerName .Branding.DisclaimerPath}}
-								<a href="{{.Branding.DisclaimerPath}}" target="_blank" class="px-2">
+								<a href="{{.Branding.DisclaimerPath}}" target="_blank" rel="noopener noreferrer" class="px-2">
 									<span data-i18n="custom.disclaimer_webclient">{{.Branding.DisclaimerName}}</span>
 								</a>
 								{{- end}}

templates/webadmin/adminsetup.html

@@ -100,7 +100,7 @@ explicit grant from the SFTPGo Team ([email protected]).
     </div>
     {{- if not .HideSupportLink}}
     <div class="d-flex fw-semibold text-primary">
-        <a href="https://github.com/drakkan/sftpgo?tab=readme-ov-file#sponsors" target="_blank" class="px-2">
+        <a href="https://github.com/drakkan/sftpgo?tab=readme-ov-file#sponsors" target="_blank" rel="noopener noreferrer" class="px-2">
             <span data-i18n="setup.help_text"></span>
         </a>
     </div>

templates/webadmin/folder.html

@@ -44,7 +44,7 @@ explicit grant from the SFTPGo Team ([email protected]).
         </div>
         {{- end}}
         {{- template "errmsg" .Error}}
-        <form id="folder_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}>
+        <form id="folder_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank" rel="noopener noreferrer"{{end}}>
             {{- if eq .Mode 3}}
             <div class="card mt-10">
                 <div class="card-header bg-light">

templates/webadmin/login.html

@@ -90,7 +90,7 @@ explicit grant from the SFTPGo Team ([email protected]).
 								</a>
 								{{- end}}
 								{{- if and .Branding.DisclaimerName .Branding.DisclaimerPath}}
-								<a href="{{.Branding.DisclaimerPath}}" target="_blank" class="px-2">
+								<a href="{{.Branding.DisclaimerPath}}" target="_blank" rel="noopener noreferrer" class="px-2">
 									<span data-i18n="custom.disclaimer_webclient">{{.Branding.DisclaimerName}}</span>
 								</a>
 								{{- end}}

templates/webadmin/maintenance.html

@@ -76,7 +76,7 @@ explicit grant from the SFTPGo Team ([email protected]).
     </div>
     <div class="card-body">
         <div>
-            <a href="{{.BackupPath}}?output-data=1" target="_blank" class="btn btn-primary btn-block">
+            <a href="{{.BackupPath}}?output-data=1" target="_blank" rel="noopener noreferrer" class="btn btn-primary btn-block">
                 <span data-i18n="maintenance.backup_do">Backup your data</span>
             </a>
         </div>

templates/webadmin/user.html

@@ -46,7 +46,7 @@ explicit grant from the SFTPGo Team ([email protected]).
         </div>
         {{- end}}
         {{- template "errmsg" .Error}}
-        <form id="user_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank"{{end}}>
+        <form id="user_form" enctype="multipart/form-data" action="{{.CurrentURL}}" method="POST" autocomplete="off" {{if eq .Mode 3}}target="_blank" rel="noopener noreferrer"{{end}}>
             {{- if eq .Mode 3}}
             <div class="card mt-10">
                 <div class="card-header bg-light">

templates/webclient/files.html

@@ -721,7 +721,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                                                 let view_url = row['url'];
                                                 view_url = view_url.replace('{{.FilesURL}}','{{.ViewPDFURL}}');
                                                 previewDiv = `<div class="ms-2" data-kt-filemanger-table="view_item">
-												    <a href="${view_url}" target="_blank" class="btn btn-sm btn-icon btn-light btn-active-light-primary">
+												    <a href="${view_url}" target="_blank" rel="noopener noreferrer" class="btn btn-sm btn-icon btn-light btn-active-light-primary">
 													    <i class="ki-duotone ki-eye fs-6 m-0">
 														    <span class="path1"></span>
 														    <span class="path2"></span>
@@ -735,7 +735,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                                             //{{- if not .ShareUploadBaseURL}}
                                             if (data && (supportedEditExtensions.includes(extension) || supportedEditFilenames.includes(filename.toLowerCase()))){
                                                 previewDiv = `<div class="ms-2" data-kt-filemanger-table="view_item">
-												    <a href="${data}" target="_blank" class="btn btn-sm btn-icon btn-light btn-active-light-primary">
+												    <a href="${data}" target="_blank" rel="noopener noreferrer" class="btn btn-sm btn-icon btn-light btn-active-light-primary">
 													    <i class="ki-duotone ki-eye fs-6 m-0">
 														    <span class="path1"></span>
 														    <span class="path2"></span>
@@ -1072,7 +1072,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                     let currentDir = '{{.CurrentDir}}';
                     let ts = new Date().getTime().toString();
                     let files = JSON.stringify(filesArray);
-                    $(`<form method="post" action="${downloadURL}?path=${currentDir}&_=${ts}" target="_blank">
+                    $(`<form method="post" action="${downloadURL}?path=${currentDir}&_=${ts}" target="_blank" rel="noopener noreferrer">
                         <input type="hidden" name="_form_token" value="${token}">
                         <textarea name="files" hidden>${files}</textarea>
                        </form>`).appendTo('body').submit().remove();

templates/webclient/shares.html

@@ -86,7 +86,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                                 </i>
                                 <span data-i18n="general.copy_link">Copy link</span>
                             </button>
-                            <a id="readLink" href="#" target="_blank" type="button" class="btn btn-flex btn-primary">
+                            <a id="readLink" href="#" target="_blank" rel="noopener noreferrer" type="button" class="btn btn-flex btn-primary">
                                 <i class="ki-duotone ki-folder-down fs-2">
                                     <span class="path1"></span>
                                     <span class="path2"></span>
@@ -106,7 +106,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                             </i>
                             <span data-i18n="general.copy_link">Copy link</span>
                         </button>
-                        <a id="readBrowseLink" href="#" target="_blank" type="button" class="btn btn-flex btn-primary">
+                        <a id="readBrowseLink" href="#" target="_blank" rel="noopener noreferrer" type="button" class="btn btn-flex btn-primary">
                             <i class="ki-duotone ki-arrow-up-right fs-2">
                                 <span class="path1"></span>
                                 <span class="path2"></span>
@@ -125,7 +125,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                             </i>
                             <span data-i18n="general.copy_link">Copy link</span>
                         </button>
-                        <a id="readUncompressedLink" href="#" target="_blank" type="button" class="btn btn-flex btn-primary">
+                        <a id="readUncompressedLink" href="#" target="_blank" rel="noopener noreferrer" type="button" class="btn btn-flex btn-primary">
                             <i class="ki-duotone ki-folder-down fs-2">
                                 <span class="path1"></span>
                                 <span class="path2"></span>
@@ -143,7 +143,7 @@ explicit grant from the SFTPGo Team ([email protected]).
                         </i>
                         <span data-i18n="general.copy_link">Copy link</span>
                     </button>
-                    <a id="writePageLink" href="#" target="_blank" type="button" class="btn btn-flex btn-primary">
+                    <a id="writePageLink" href="#" target="_blank" rel="noopener noreferrer" type="button" class="btn btn-flex btn-primary">
                         <i class="ki-duotone ki-folder-up fs-2">
                             <span class="path1"></span>
                             <span class="path2"></span>