[enh] implements #264 : add rel="noreferrer" to external links

searx/templates/courgette/result_templates/code.html

@@ -1,8 +1,8 @@
 <div class="result {{ result.class }}">
-    <h3 class="result_title">{% if result['favicon'] %}<img width="14" height="14" class="favicon" src="static/{{theme}}/img/icon_{{result['favicon']}}.ico" alt="{{result['favicon']}}" />{% endif %}<a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+    <h3 class="result_title">{% if result['favicon'] %}<img width="14" height="14" class="favicon" src="static/{{theme}}/img/icon_{{result['favicon']}}.ico" alt="{{result['favicon']}}" />{% endif %}<a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
     {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span>{% endif %}
     <p class="content">{% if result.img_src %}<img src="{{ image_proxify(result.img_src) }}" class="image" />{% endif %}{% if result.content %}{{ result.content|safe }}<br class="last"/>{% endif %}</p>
-    {% if result.repository %}<p class="content"><a href="{{ result.repository|safe }}">{{ result.repository }}</a></p>{% endif %}
+    {% if result.repository %}<p class="content"><a href="{{ result.repository|safe }}" rel="noreferrer">{{ result.repository }}</a></p>{% endif %}
     <div dir="ltr">
     {{ result.codelines|code_highlighter(result.code_language)|safe }}
 	</div>

searx/templates/courgette/result_templates/default.html

@@ -5,9 +5,9 @@
     {% endif %}
 
     <div>
-        <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+        <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
         {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span>{% endif %}
         <p class="content">{% if result.content %}{{ result.content|safe }}<br />{% endif %}</p>
         <p class="url">{{ result.pretty_url }}&lrm;</p>
     </div>
-</div>
+</div>

searx/templates/courgette/result_templates/images.html

@@ -1,6 +1,6 @@
 <div class="image_result">
     <p>
-        <a href="{{ result.img_src }}"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
-        <span class="url"><a href="{{ result.url }}" class="small_font">{{ _('original context') }}</a></span>
+        <a href="{{ result.img_src }}" rel="noreferrer"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
+        <span class="url"><a href="{{ result.url }}" rel="noreferrer" class="small_font">{{ _('original context') }}</a></span>
     </p>
 </div>

searx/templates/courgette/result_templates/map.html

@@ -5,9 +5,9 @@
     {% endif %}
 
     <div>
-        <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+        <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
         {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span>{% endif %}
         <p class="content">{% if result.content %}{{ result.content|safe }}<br />{% endif %}</p>
         <p class="url">{{ result.pretty_url }}&lrm;</p>
     </div>
-</div>
+</div>

searx/templates/courgette/result_templates/torrent.html

@@ -2,12 +2,12 @@
     {% if "icon_"~result.engine~".ico" in favicons %}
     <img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />
     {% endif %}
-    <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+    <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
     {% if result.content %}<span class="content">{{ result.content|safe }}</span><br />{% endif %}
     <span class="stats">{{ _('Seeder') }} : {{ result.seed }}, {{ _('Leecher') }} : {{ result.leech }}</span><br />
     <span>
         {% if result.magnetlink %}<a href="{{ result.magnetlink }}" class="magnetlink">{{ _('magnet link') }}</a>{% endif %} 
-        {% if result.torrentfile %}<a href="{{ result.torrentfile }}" class="torrentfile">{{ _('torrent file') }}</a>{% endif %}
+        {% if result.torrentfile %}<a href="{{ result.torrentfile }}" class="torrentfile" rel="noreferrer">{{ _('torrent file') }}</a>{% endif %}
     </span>
     <p class="url">{{ result.pretty_url }}&lrm;</p>
-</div>
+</div>

searx/templates/courgette/result_templates/videos.html

@@ -3,8 +3,8 @@
     <img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />
 	{% endif %}
 
-    <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+    <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
     {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span><br />{% endif %}
-    <a href="{{ result.url }}"><img width="400" src="{{ image_proxify(result.thumbnail) }}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
+    <a href="{{ result.url }}" rel="noreferrer"><img width="400" src="{{ image_proxify(result.thumbnail) }}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
     <p class="url">{{ result.pretty_url }}&lrm;</p>
 </div>

searx/templates/default/infobox.html

@@ -17,7 +17,7 @@
     <div class="urls">
         <ul>
             {% for url in infobox.urls %}
-            <li class="url"><a href="{{ url.url }}">{{ url.title }}</a></li>
+            <li class="url"><a href="{{ url.url }}" rel="noreferrer">{{ url.title }}</a></li>
             {% endfor %}
         </ul>
     </div>

searx/templates/default/result_templates/code.html

@@ -1,9 +1,9 @@
 <div class="result {{ result.class }}">
-    <h3 class="result_title"> {% if result['favicon'] %}<img width="14" height="14" class="favicon" src="static/{{theme}}/img/icon_{{result['favicon']}}.ico" alt="{{result['favicon']}}" />{% endif %}<a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
-    <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}">{{ _('cached') }}</a></p>
+    <h3 class="result_title"> {% if result['favicon'] %}<img width="14" height="14" class="favicon" src="static/{{theme}}/img/icon_{{result['favicon']}}.ico" alt="{{result['favicon']}}" />{% endif %}<a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
+    <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}" rel="noreferrer">{{ _('cached') }}</a></p>
     {% if result.publishedDate %}<p class="published_date">{{ result.publishedDate }}</p>{% endif %}
     <p class="content">{% if result.img_src %}<img src="{{ image_proxify(result.img_src) }}" class="image" />{% endif %}{% if result.content %}{{ result.content|safe }}<br class="last"/>{% endif %}</p>
-    {% if result.repository %}<p class="result-content"><a href="{{ result.repository|safe }}">{{ result.repository }}</a></p>{% endif %}
+    {% if result.repository %}<p class="result-content"><a href="{{ result.repository|safe }}" rel="noreferrer">{{ result.repository }}</a></p>{% endif %}
     
     <div dir="ltr">
     {{ result.codelines|code_highlighter(result.code_language)|safe }}

searx/templates/default/result_templates/default.html

@@ -1,6 +1,6 @@
 <div class="result {{ result.class }}">
-    <h3 class="result_title">{% if "icon_"~result.engine~".ico" in favicons %}<img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />{% endif %}<a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
-    <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}">{{ _('cached') }}</a>
+    <h3 class="result_title">{% if "icon_"~result.engine~".ico" in favicons %}<img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />{% endif %}<a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
+    <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}" rel="noreferrer">{{ _('cached') }}</a>
     {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span>{% endif %}</p>
     <p class="content">{% if result.img_src %}<img src="{{ image_proxify(result.img_src) }}" class="image" />{% endif %}{% if result.content %}{{ result.content|safe }}<br class="last"/>{% endif %}</p>
 </div>

searx/templates/default/result_templates/images.html

@@ -1,6 +1,6 @@
 <div class="image_result">
     <p>
-        <a href="{{ result.img_src }}"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}" /></a>
-        <span class="url"><a href="{{ result.url }}" class="small_font">{{ _('original context') }}</a></span>
+        <a href="{{ result.img_src }}" rel="noreferrer"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}" /></a>
+        <span class="url"><a href="{{ result.url }}" rel="noreferrer" class="small_font">{{ _('original context') }}</a></span>
     </p>
 </div>

searx/templates/default/result_templates/map.html

@@ -5,8 +5,8 @@
     {% endif %}
 
     <div>
-        <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
-        <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}">{{ _('cached') }}</a>
+        <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
+        <p class="url">{{ result.pretty_url }}&lrm; <a class="cache_link" href="https://web.archive.org/web/{{ result.url }}" rel="noreferrer">{{ _('cached') }}</a>
         {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span>{% endif %}</p>
         <p class="content">{% if result.img_src %}<img src="{{ image_proxify(result.img_src) }}" class="image" />{% endif %}{% if result.content %}{{ result.content|safe }}<br class="last"/>{% endif %}</p>
     </div>

searx/templates/default/result_templates/torrent.html

@@ -2,12 +2,12 @@
   {% if "icon_"~result.engine~".ico" in favicons %}
     <img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />
   {% endif %}
-    <h3 class="result_title"><a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+    <h3 class="result_title"><a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
     <p class="url">{{ result.pretty_url }}&lrm;</p>
     {% if result.content %}<p class="content">{{ result.content|safe }}</p>{% endif %}
     <p>
         {% if result.magnetlink %}<a href="{{ result.magnetlink }}" class="magnetlink">{{ _('magnet link') }}</a>{% endif %} 
-        {% if result.torrentfile %}<a href="{{ result.torrentfile }}" class="torrentfile">{{ _('torrent file') }}</a>{% endif %} - 
+        {% if result.torrentfile %}<a href="{{ result.torrentfile }}" rel="noreferrer" class="torrentfile">{{ _('torrent file') }}</a>{% endif %} - 
         <span class="stats">{{ _('Seeder') }} : {{ result.seed }}, {{ _('Leecher') }} : {{ result.leech }}</span>
     </p>
 </div>

searx/templates/default/result_templates/videos.html

@@ -1,6 +1,6 @@
 <div class="result">
-    <h3 class="result_title">{% if "icon_"~result.engine~".ico" in favicons %}<img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />{% endif %}<a href="{{ result.url }}">{{ result.title|safe }}</a></h3>
+    <h3 class="result_title">{% if "icon_"~result.engine~".ico" in favicons %}<img width="14" height="14" class="favicon" src="{{ url_for('static', filename='img/icons/icon_'+result.engine+'.ico') }}" alt="{{result.engine}}" />{% endif %}<a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h3>
     {% if result.publishedDate %}<span class="published_date">{{ result.publishedDate }}</span><br />{% endif %}
-    <a href="{{ result.url }}"><img class="thumbnail" src="{{ image_proxify(result.thumbnail) }}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
+    <a href="{{ result.url }}" rel="noreferrer"><img class="thumbnail" src="{{ image_proxify(result.thumbnail) }}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}"/></a>
     <p class="url">{{ result.url }}&lrm;</p>
 </div>

searx/templates/oscar/infobox.html

@@ -20,7 +20,7 @@
         {% if infobox.urls %}
         <div class="infobox_part">
             {% for url in infobox.urls %}
-            <p class="btn btn-default btn-xs"><a href="{{ url.url }}">{{ url.title }}</a></p>
+            <p class="btn btn-default btn-xs"><a href="{{ url.url }}" rel="noreferrer">{{ url.title }}</a></p>
             {% endfor %}
         </div>
         {% endif %}

searx/templates/oscar/macros.html

@@ -11,15 +11,15 @@
 
 <!-- Draw result header -->
 {% macro result_header(result, favicons) -%} 
-    <h4 class="result_header">{% if result.engine~".png" in favicons %}{{ draw_favicon(result.engine) }} {% endif %}<a href="{{ result.url }}">{{ result.title|safe }}</a></h4>
+    <h4 class="result_header">{% if result.engine~".png" in favicons %}{{ draw_favicon(result.engine) }} {% endif %}<a href="{{ result.url }}" rel="noreferrer">{{ result.title|safe }}</a></h4>
 {%- endmacro %}
 
 <!-- Draw result sub header -->
 {% macro result_sub_header(result) -%}
     {% if result.publishedDate %}<time class="text-muted" datetime="{{ result.pubdate }}" >{{ result.publishedDate }}</time>{% endif %}
-    <small><a class="text-info" href="https://web.archive.org/web/{{ result.url }}">{{ icon('link') }} {{ _('cached') }}</a></small>
+    <small><a class="text-info" href="https://web.archive.org/web/{{ result.url }}" rel="noreferrer">{{ icon('link') }} {{ _('cached') }}</a></small>
     {% if result.magnetlink %}<small> &bull; <a href="{{ result.magnetlink }}" class="magnetlink">{{ icon('magnet') }} {{ _('magnet link') }}</a></small>{% endif %}
-    {% if result.torrentfile %}<small> &bull; <a href="{{ result.torrentfile }}" class="torrentfile">{{ icon('download-alt') }} {{ _('torrent file') }}</a></small>{% endif %}
+    {% if result.torrentfile %}<small> &bull; <a href="{{ result.torrentfile }}" class="torrentfile" rel="noreferrer">{{ icon('download-alt') }} {{ _('torrent file') }}</a></small>{% endif %}
 {%- endmacro %}
 
 <!-- Draw result footer -->

searx/templates/oscar/result_templates/code.html

@@ -5,7 +5,7 @@
 
 {% if result.content %}<p class="result-content">{{ result.content|safe }}</p>{% endif %}
 
-{% if result.repository %}<p class="result-content">{{ icon('file') }} <a href="{{ result.repository|safe }}">{{ result.repository }}</a></p>{% endif %}
+{% if result.repository %}<p class="result-content">{{ icon('file') }} <a href="{{ result.repository|safe }}" rel="noreferrer">{{ result.repository }}</a></p>{% endif %}
 
 <div dir="ltr">
 {{ result.codelines|code_highlighter(result.code_language)|safe }}

searx/templates/oscar/result_templates/images.html

@@ -1,6 +1,6 @@
 {% from 'oscar/macros.html' import draw_favicon %}
 
-<a href="{{ result.img_src }}" data-toggle="modal" data-target="#modal-{{ index }}">
+<a href="{{ result.img_src }}" rel="noreferrer" data-toggle="modal" data-target="#modal-{{ index }}">
     <img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" alt="{{ result.title|striptags }}" title="{{ result.title|striptags }}" class="img-thumbnail">
 </a>
 
@@ -20,8 +20,8 @@
                 <span class="label label-default pull-right">{{ result.engine }}</span>
                 <p class="text-muted pull-left">{{ result.pretty_url }}</p>
                 <div class="clearfix"></div>
-                <a href="{{ result.img_src }}" class="btn btn-default">{{ _('Get image') }}</a>
-                <a href="{{ result.url }}" class="btn btn-default">{{ _('View source') }}</a>
+                <a href="{{ result.img_src }}" rel="noreferrer" class="btn btn-default">{{ _('Get image') }}</a>
+                <a href="{{ result.url }}" rel="noreferrer" class="btn btn-default">{{ _('View source') }}</a>
             </div>
         </div>
     </div>

searx/templates/oscar/result_templates/videos.html

@@ -15,7 +15,7 @@
 
 <div class="container-fluid">
     <div class="row">
-        <a href="{{ result.url }}"><img class="thumbnail col-xs-6 col-sm-4 col-md-4 result-content" src="{{ image_proxify(result.thumbnail) }}" alt="{{ result.title|striptags }} {{ result.engine }}" /></a>
+        <a href="{{ result.url }}" rel="noreferrer"><img class="thumbnail col-xs-6 col-sm-4 col-md-4 result-content" src="{{ image_proxify(result.thumbnail) }}" alt="{{ result.title|striptags }} {{ result.engine }}" /></a>
         {% if result.content %}<p class="col-xs-12 col-sm-8 col-md-8 result-content">{{ result.content|safe }}</p>{% endif %}
     </div>
 </div>

searx/templates/pix-art/result_templates/default.html

@@ -1,6 +1,7 @@
-<a href="{{ result.url }}" title="{{ result.title | striptags }}">
+<a href="{{ result.url }}" title="{{ result.title | striptags }}" rel="noreferrer">
 	<canvas id="canvas-{{ pageno }}-{{ index }}" class="icon" width="16" height="16"></canvas>
 </a>
 <script type="text/javascript">
 favicons[{{ pageno }}][{{ index }}] = 'http://{{ result.url | extract_domain }}/favicon.ico';
-</script>
+</script>
+

searx/templates/pix-art/result_templates/images.html

@@ -1,6 +1,6 @@
 <div class="image_result">
     <p>
-        <a href="{{ result.img_src }}"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}" /></a>
-        <span class="url"><a href="{{ result.url }}" class="small_font">{{ _('original context') }}</a></span>
+        <a href="{{ result.img_src }}" rel="noreferrer"><img src="{% if result.thumbnail_src %}{{ image_proxify(result.thumbnail_src) }}{% else %}{{ image_proxify(result.img_src) }}{% endif %}" title="{{ result.title|striptags }}" alt="{{ result.title|striptags }}" /></a>
+        <span class="url"><a href="{{ result.url }}" rel="noreferrer" class="small_font">{{ _('original context') }}</a></span>
     </p>
 </div>

searx/tests/test_webapp.py

@@ -47,7 +47,7 @@ class ViewsTestCase(SearxTestCase):
     def test_index_html(self):
         result = self.app.post('/', data={'q': 'test'})
         self.assertIn(
-            '<h3 class="result_title"><img width="14" height="14" class="favicon" src="/static/themes/default/img/icons/icon_youtube.ico" alt="youtube" /><a href="http://second.test.xyz">Second <span class="highlight">Test</span></a></h3>',  # noqa
+            '<h3 class="result_title"><img width="14" height="14" class="favicon" src="/static/themes/default/img/icons/icon_youtube.ico" alt="youtube" /><a href="http://second.test.xyz" rel="noreferrer">Second <span class="highlight">Test</span></a></h3>',  # noqa
             result.data
         )
         self.assertIn(