From fa5ac4040e8e2fc57bef5c598e1ceda4c2fc0a73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?William=20Herg=C3=A8s?= <william@herges.fr>
Date: Sun, 5 Oct 2025 15:16:20 +0200
Subject: feat(backend): add noreferer on external link and move target blank

---
 markdown/ast_external.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'markdown/ast_external.go')

diff --git a/markdown/ast_external.go b/markdown/ast_external.go
index f37a685..e648ad5 100644
--- a/markdown/ast_external.go
+++ b/markdown/ast_external.go
@@ -3,8 +3,11 @@ package markdown
 import (
 	"fmt"
 	"html/template"
+	"regexp"
 )
 
+var externalLink = regexp.MustCompile(`https?://`)
+
 type astLink struct {
 	content block
 	href    block
@@ -19,7 +22,14 @@ func (a *astLink) Eval(opt *Option) (template.HTML, *ParseError) {
 	if err != nil {
 		return "", err
 	}
-	return template.HTML(fmt.Sprintf(`<a href="%s">%s</a>`, href, content)), nil
+	return RenderLink(string(content), string(href)), nil
+}
+
+func RenderLink(content, href string) template.HTML {
+	if !externalLink.Match([]byte(href)) {
+		return template.HTML(fmt.Sprintf(`<a href="%s">%s</a>`, href, content))
+	}
+	return template.HTML(fmt.Sprintf(`<a href="%s" target="_blank" rel="noreferer">%s</a>`, href, content))
 }
 
 type astImage struct {
-- 
cgit v1.2.3