From 6b6201b44804d8907dd1cfbf584fa237cfba7d2c Mon Sep 17 00:00:00 2001
From: John McLear
Date: Sun, 21 Feb 2021 19:30:39 +0000
Subject: [PATCH] null link on plugins and noopener / noreferrer

Resolves a (non) security issue brought up by LGTM but I think the noopener and norefferer are good shouts
---
 src/static/js/admin/plugins.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/static/js/admin/plugins.js b/src/static/js/admin/plugins.js
index 8dcb4a60c..613df3688 100644
--- a/src/static/js/admin/plugins.js
+++ b/src/static/js/admin/plugins.js
@@ -84,9 +84,10 @@ $(document).ready(() => {
 for (const attr in plugin) {
 if (attr === 'name') { // Hack to rewrite URLS into name
- const link = $('');
+ const link = $(''); // intentional null href
 link.attr('href', `https://npmjs.org/package/${plugin.name}`);
 link.attr('plugin', 'Plugin details');
+ link.attr('rel', 'noopener noreferrer');
 link.attr('target', '_blank');
 link.text(plugin.name.substr(3));
 row.find('.name').append(link);
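Review bot: The trailing comment `// intentional null href` on the new `const link` line says the empty value is deliberate but not why, and the next line immediately replaces the href with the npmjs URL, so a reader cannot tell what the placeholder is for. Going by the commit message it is there for the LGTM alert; a comment such as `// empty href is only a placeholder for the analyser; the real URL is set on the next line` would record that. The new `rel` line is the security-relevant part of the change and would benefit from its own comment, e.g. `// target=_blank: keep the opened page away from window.opener and send no Referer from the admin page`. The unchanged href line interpolates `plugin.name` unencoded; the origin is fixed, so this is confined to the URL path, but `encodeURIComponent(plugin.name)` may be worth adding if names are not validated elsewhere. The enclosing `for` and `if` blocks start and end outside this hunk.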