Enhancement for non-self link security

author: Doge <[email protected]> 2021-05-11 12:45:22 +0800
committer: Doge <[email protected]> 2021-05-11 12:45:22 +0800
commit: 96814fc7dbd1c5c9770dc5563be2be0bc6422397 (patch)
tree: 54ea432479a0cdd1d1424476701336309a2185a7 /layout
parent: 0aa17cb5729bf39df1cfddcd5520fd9f238cadbd (diff)
download: chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.tar.gz
chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.tar.bz2
chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.zip
4 files changed, 14 insertions, 13 deletions
diff --git a/layout/_partial/footer.ejs b/layout/_partial/footer.ejs
index 385522c..492ca72 100644
--- a/layout/_partial/footer.ejs
+++ b/layout/_partial/footer.ejs
@@ -4,9 +4,9 @@
             Copyright © <%= date(Date.now(), 'YYYY' ) %> <%= config.title %> <%= theme.copyright %>
         </div>
         <div class="footer-power">
-            <p>Powered by <a href="https://hexo.io" target="_blank">Hexo</a> 
+            <p>Powered by <a href="https://hexo.io" rel="noopener noreferrer" target="_blank">Hexo</a> 
             <i class="fa fa-heart has-text-danger"></i>
-            Theme <a href="https://github.com/guiqiqi/chromate">Chromate</a>
+            Theme <a href="https://github.com/guiqiqi/chromate" rel="noopener noreferrer" target="_blank">Chromate</a>
         </div>
     </div>
 </footer>
 \ No newline at end of file
diff --git a/layout/_partial/head.ejs b/layout/_partial/head.ejs
index 4ad5938..86e2438 100644
--- a/layout/_partial/head.ejs
+++ b/layout/_partial/head.ejs
@@ -20,9 +20,6 @@
 
     <!-- Scripts and styles -->
     <style>pre{background-color:none!important;padding:0%!important;}@media(prefers-color-scheme:dark){*{transition:backgourd-color .5s}.card{box-shadow:none!important;background-color:#121212!important}}@media screen and (max-width:1023px){.navbar-menu{box-shadow:0 8px 16px -8px rgb(10 10 10 / 10%)!important}.post-content{padding-top:0!important}.post-card{margin:0 0 0 0!important}}.post-podcast-player{padding-bottom:1.5rem}.post-card{margin:0 1rem 0rem 1rem}.navbar-brand .navbar-item:hover{background-color:inherit!important}.entry{margin-bottom:1.5rem!important;margin-top:1.5rem!important;transition:box-shadow .1s}.entry:hover{box-shadow:0 1em 2em -0.125em rgb(10 10 10 / 10%),0 0 0 1px rgb(10 10 10 / 2%)}.pagination-bar{padding-left:.25rem;padding-right:.25rem}.footer{padding:1rem 1rem 1rem;background-color:transparent}</style>
-    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma/css/bulma.min.css">
-    <link media="none" onload="media='all'" rel="stylesheet" href="https://unpkg.com/[email protected]/css/bulma-prefers-dark.min.css" />
-    <noscript>
-        <link rel="stylesheet" href="https://unpkg.com/[email protected]/css/bulma-prefers-dark.min.css" />
-    </noscript>
+    <link rel="preload" as="style" onload="this.rel='stylesheet'" href="https://cdn.jsdelivr.net/npm/bulma/css/bulma.min.css">
+    <link media="(prefers-color-scheme: dark)" rel="stylesheet" href="https://cdn.jsdelivr.net/gh/jloh/bulma-prefers-dark/css/bulma-prefers-dark.min.css">
 </head>
 \ No newline at end of file
diff --git a/layout/_partial/header.ejs b/layout/_partial/header.ejs
index f9463f7..8ad3684 100644
--- a/layout/_partial/header.ejs
+++ b/layout/_partial/header.ejs
@@ -47,9 +47,12 @@
                             const favicon = mapping[1];
                             let outter = link.startsWith("https://") ? true : false;
                         %>
-                        <a class="icon" href="<%= link %>" target="<%= outter ? '_blank' : '_self' %>">
-                            <i class="<%= favicon %>"></i>
-                        </a>
+                        <% if (outter) { %>
+                            <a class="icon" href="<%= link %>" target="_blank" rel="noopener noreferrer">
+                        <% } else { %>  
+                            <a class="icon" href="<%= link %>">
+                        <% } %>
+                        <i class="<%= favicon %>"></i></a>
                     <% } %>
                 </ul>
             </p>
diff --git a/layout/_partial/scripts.ejs b/layout/_partial/scripts.ejs
index 9f1a769..63975f4 100644
--- a/layout/_partial/scripts.ejs
+++ b/layout/_partial/scripts.ejs
@@ -33,11 +33,12 @@
     </script>
 <% } %>
 
-<!-- Font Awesome delay loading -->
-<link media="none" onload="media='all'" rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/css/font-awesome.min.css">
-
 <!-- Shikwasa Player support -->
 <% if (is_post() && theme.podcast && page.podcast) { %>
     <script defer src="https://cdn.jsdelivr.net/npm/shikwasa/dist/shikwasa.min.js"></script>
     <link media="none" onload="media='all'" rel="stylesheet" href="https://cdn.jsdelivr.net/npm/shikwasa/dist/shikwasa.min.css">
 <% } %>
+
+<!-- Font Awesome delay loading -->
+<link rel="preload" as="style" onload="this.rel='stylesheet'" rel="stylesheet"
+    href="https://cdn.jsdelivr.net/npm/[email protected]/css/font-awesome.min.css">
author	Doge <[email protected]>	2021-05-11 12:45:22 +0800
committer	Doge <[email protected]>	2021-05-11 12:45:22 +0800
commit	96814fc7dbd1c5c9770dc5563be2be0bc6422397 (patch)
tree	54ea432479a0cdd1d1424476701336309a2185a7 /layout
parent	0aa17cb5729bf39df1cfddcd5520fd9f238cadbd (diff)
download	chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.tar.gz chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.tar.bz2 chromate-96814fc7dbd1c5c9770dc5563be2be0bc6422397.zip