From f821c4ca9165be3064eca91a7eb23dde61b25ad4 Mon Sep 17 00:00:00 2001
From: Marcus Bransbury <marcus.bransbury@gmail.com>
Date: Fri, 13 Apr 2018 23:52:01 +0100
Subject: [PATCH] Update link.js

Updating `rel="noopener noreferrer"` for Edge and (partial) IE11 support:
https://caniuse.com/#search=noopener
https://caniuse.com/#search=noreferrer
Reason here: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
---
 lib/markdown/link.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/markdown/link.js b/lib/markdown/link.js
index 0ee581eb38..16ad7e5bd0 100644
--- a/lib/markdown/link.js
+++ b/lib/markdown/link.js
@@ -15,7 +15,7 @@ module.exports = md => {
       const isSourceLink = /(\/|\.md|\.html)(#[\w-]*)?$/.test(href)
       if (isExternal) {
         addAttr(token, 'target', '_blank')
-        addAttr(token, 'rel', 'noopener')
+        addAttr(token, 'rel', 'noopener noreferrer')
       } else if (isSourceLink) {
         hasOpenRouterLink = true
         tokens[idx] = toRouterLink(token, link)