mirror of
https://github.com/tiennm99/tsuki.git
synced 2026-05-23 10:25:30 +00:00
tiennm99
1eafaefff8
Security: - render-link: drop `| safeHTML` on .Text (self-XSS surface w/ Goldmark unsafe:true) - projects.html: safeURL + noreferrer + target=_blank on repo/demo - comments: require repo+repoId+categoryId in gate (prevent broken Giscus iframe) - htmltest-action: pin to commit SHA 31be84a (supply-chain) Fixed: - seo.html: nil-safe \$authorURL chain (no nil.url template error) - nav.html: relURL on Menu.URL (sub-path deploy correctness) - pages.yml: drop dead if-find Pagefind guard
12 lines
432 B
HTML
12 lines
432 B
HTML
{{- /* External markdown links get rel="noopener noreferrer". No target="_blank" — UX choice. */ -}}
|
|
{{- $external := or
|
|
(strings.HasPrefix .Destination "http://")
|
|
(strings.HasPrefix .Destination "https://")
|
|
(strings.HasPrefix .Destination "//")
|
|
-}}
|
|
<a href="{{ .Destination | safeURL }}"
|
|
{{- with .Title }} title="{{ . }}"{{ end -}}
|
|
{{- if $external }} rel="noopener noreferrer"{{ end -}}
|
|
>{{ .Text }}</a>
|
|
{{- /**/ -}}
|