diff --git a/src/components/ha-markdown.ts b/src/components/ha-markdown.ts
index e811e31373..fdfd980dd5 100644
--- a/src/components/ha-markdown.ts
+++ b/src/components/ha-markdown.ts
@@ -49,13 +49,17 @@ class HaMarkdown extends UpdatingElement {
 // Open external links in a new window
 if (
- node.nodeName === "A" &&
- (node as HTMLAnchorElement).host !== document.location.host
+ node instanceof HTMLAnchorElement &&
+ node.host !== document.location.host
 ) {
- (node as HTMLAnchorElement).target = "_blank";
+ node.target = "_blank";
+
+ // protect referrer on external links and deny window.opener access for security reasons
+ // (see https://mathiasbynens.github.io/rel-noopener/)
+ node.rel = "noreferrer noopener";
 // Fire a resize event when images loaded to notify content resized
- } else if (node.nodeName === "IMG") {
+ } else if (node) {
 node.addEventListener("load", this._resize);
 }
 }
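Review bot: The rewritten `else if (node)` branch no longer tests for images, so any node that reaches it and is not an external anchor, same-host links included, gets a `load` listener bound to `this._resize`. The comment directly above still describes image loads only, so this looks like an unintended widening from narrowing `node` for the type checker. Keeping the narrowing style used for the anchor case would restore the old behaviour: `} else if (node instanceof HTMLImageElement) {`. Separately, `node.rel = "noreferrer noopener";` replaces any `rel` value already on the rendered link; that is probably acceptable for markdown output, but a short comment saying the overwrite is intentional would help. The enclosing method and the loop that supplies `node` start outside this hunk, so the set of nodes that can reach the branch is inferred.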