Add noopener and noreferrer to LTI lauches

DatabayAG · Sep 19, 2024 · 8f87740 · 8f87740
1 parent af28c19
commit 8f87740
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -48,6 +48,18 @@ and replace it with:
 document.addEventListener("DOMContentLoaded", function(event)
 ````
 
+## Security
 
+To improve security with opening external sites, we recommend setting `noopener` and `noreferrer` in the lauch forms or links used in the XML of your type definitions, e.g. for LTI types:
 
+Search for:
+````
+target="{FORM_TARGET}" 
+````
+and replace with:
+````
+target="{FORM_TARGET}" rel="noopener noreferrer"
+````
+
+This is done in the models for creating new LTI 1.1 types.
 
diff --git a/models/lti_1_1_dutch/interface.xml b/models/lti_1_1_dutch/interface.xml
@@ -5,7 +5,7 @@
   <description>LTI 1.1 met Basic Outcome Service, zie http://developers.imsglobal.org</description>
 
   <template><![CDATA[
-  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" encType="application/x-www-form-urlencoded">
+  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" rel="noopener noreferrer" encType="application/x-www-form-urlencoded">
 	  {HIDDEN_INPUTS}
 	  <input class="btn btn-default" type="submit" value = "Start" />
 	  {DEBUG_EMBED}

diff --git a/models/lti_1_1_english/interface.xml b/models/lti_1_1_english/interface.xml
@@ -5,7 +5,7 @@
   <description>LTI 1.1 with Basic Outcome Service, see http://developers.imsglobal.org</description>
 
   <template><![CDATA[
-  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" encType="application/x-www-form-urlencoded">
+  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" rel="noopener noreferrer" encType="application/x-www-form-urlencoded">
 	  {HIDDEN_INPUTS}
 	  <input class="btn btn-default" type="submit" value = "Press to launch" />
 	  {DEBUG_EMBED}

diff --git a/models/lti_1_1_german/interface.xml b/models/lti_1_1_german/interface.xml
@@ -5,7 +5,7 @@
   <description>Verwendet LTI 1.1 mit Basic Outcome Service, siehe http://developers.imsglobal.org</description>
 
   <template><![CDATA[
-  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" encType="application/x-www-form-urlencoded">
+  <form name="basicltiLaunchForm" action="{LAUNCH_URL}" method="post" target="{FORM_TARGET}" rel="noopener noreferrer" encType="application/x-www-form-urlencoded">
 	  {HIDDEN_INPUTS}
 	  <input class="btn btn-default" type="submit" value = "Starten" />
 	  {DEBUG_EMBED}