Add rel="noopener noreferrer" to external links

Background:
https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerab
ility-ever-96e328301f4c#.hduwdbjlb

core/modules/parsers/wikiparser/rules/extlink.js

@@ -42,7 +42,8 @@ exports.parse = function() {
 			attributes: {
 				href: {type: "string", value: this.match[0]},
 				"class": {type: "string", value: "tc-tiddlylink-external"},
-				target: {type: "string", value: "_blank"}
+				target: {type: "string", value: "_blank"},
+				rel: {type: "string", value: "noopener noreferrer"}
 			},
 			children: [{
 				type: "text", text: this.match[0]

core/modules/parsers/wikiparser/rules/prettyextlink.js

@@ -106,6 +106,7 @@ exports.parseLink = function(source,pos) {
 	}
 	node.attributes.href = {type: "string", value: URL};
 	node.attributes.target = {type: "string", value: "_blank"};
+	node.attributes.rel = {type: "string", value: "noopener noreferrer"};
 	// Update the end position
 	node.end = closePos + 2;
 	return node;

core/modules/parsers/wikiparser/rules/prettylink.js

@@ -40,7 +40,8 @@ exports.parse = function() {
 			attributes: {
 				href: {type: "string", value: link},
 				"class": {type: "string", value: "tc-tiddlylink-external"},
-				target: {type: "string", value: "_blank"}
+				target: {type: "string", value: "_blank"},
+				rel: {type: "string", value: "noopener noreferrer"}
 			},
 			children: [{
 				type: "text", text: text

core/modules/savers/download.js

@@ -34,6 +34,7 @@ DownloadSaver.prototype.save = function(text,method,callback,options) {
 	// Set up the link
 	var link = document.createElement("a");
 	link.setAttribute("target","_blank");
+	link.setAttribute("rel","noopener noreferrer");
 	if(Blob !== undefined) {
 		var blob = new Blob([text], {type: "text/html"});
 		link.setAttribute("href", URL.createObjectURL(blob));

core/modules/utils/dom/modal.js

@@ -102,6 +102,7 @@ Modal.prototype.display = function(title,options) {
 		var link = document.createElement("a");
 		link.setAttribute("href",tiddler.fields.help);
 		link.setAttribute("target","_blank");
+		link.setAttribute("rel","noopener noreferrer");
 		link.appendChild(document.createTextNode("Help"));
 		modalFooterHelp.appendChild(link);
 		modalFooterHelp.style.float = "left";

editions/dev/tiddlers/system/github-fork-ribbon.tid

@@ -3,4 +3,4 @@ tags: $:/tags/PageControls
 caption: ~GitHub ribbon
 description: ~GitHub ribbon for tw5.com/dev
 
-<div class="github-fork-ribbon-wrapper right" style><div class="github-fork-ribbon" style="background-color:#DF4848;"><a href="https://github.com/Jermolene/TiddlyWiki5" target="_blank">Find me on ~GitHub</a></div></div>
+<div class="github-fork-ribbon-wrapper right" style><div class="github-fork-ribbon" style="background-color:#DF4848;"><a href="https://github.com/Jermolene/TiddlyWiki5" target="_blank" rel="noopener noreferrer">Find me on ~GitHub</a></div></div>

editions/tw5.com/tiddlers/editions/Empty Edition.tid

@@ -8,4 +8,4 @@ The "empty" edition of TiddlyWiki is a vanilla distribution, with no additional
 
 The empty edition can be downloaded from:
 
-<a href="empty.html" target="_blank">empty.html</a>
+<a href="empty.html" target="_blank" rel="noopener noreferrer">empty.html</a>

editions/tw5.com/tiddlers/editions/Full Edition.tid

@@ -8,4 +8,4 @@ The "full" edition of TiddlyWiki consists of all the available languages, themes
 
 The full edition can be downloaded from:
 
-<a href="editions/full/index.html" target="_blank">editions/full/index.html</a>
+<a href="editions/full/index.html" target="_blank" rel="noopener noreferrer">editions/full/index.html</a>

editions/tw5.com/tiddlers/editions/Resume Builder Edition.tid

@@ -6,4 +6,4 @@ type: text/vnd.tiddlywiki
 
 The ''Résumé Builder'' edition of TiddlyWiki gets you started with a simple way to create a professional resume that you can save to the web or print.
 
-<a href="editions/resumebuilder/index.html" target="_blank">editions/resumebuilder/index.html</a>
+<a href="editions/resumebuilder/index.html" target="_blank" rel="noopener noreferrer">editions/resumebuilder/index.html</a>

editions/tw5.com/tiddlers/editions/Text Slicer Edition.tid

@@ -6,4 +6,4 @@ type: text/vnd.tiddlywiki
 
 The ''Text-Slicer'' edition of TiddlyWiki contains tools to help advanced users slice long texts up into individual tiddlers.
 
-<a href="editions/text-slicer/index.html" target="_blank">editions/text-slicer/index.html</a>
+<a href="editions/text-slicer/index.html" target="_blank" rel="noopener noreferrer">editions/text-slicer/index.html</a>

editions/tw5.com/tiddlers/hellothere/HelloThere.tid

@@ -18,16 +18,16 @@ Use it to keep your [[to-do list|TaskManagementExample]], to plan an [[essay or
 Unlike conventional online services, TiddlyWiki lets you choose where to keep your data, guaranteeing that in the decades to come you will still be able to use the notes you take today.
 
 <div style="font-size:0.7em;text-align:center;margin-top:3em;margin-bottom:3em;">
-<a href="http://groups.google.com/group/TiddlyWiki" class="tc-btn-big-green" style="background-color:#FF8C19;" target="_blank">
+<a href="http://groups.google.com/group/TiddlyWiki" class="tc-btn-big-green" style="background-color:#FF8C19;" target="_blank" rel="noopener noreferrer">
 {{$:/core/images/mail}} ~TiddlyWiki Mailing List
 </a>
-<a href="http://www.youtube.com/c/JeremyRuston" class="tc-btn-big-green" style="background-color:#e52d27;" target="_blank">
+<a href="http://www.youtube.com/c/JeremyRuston" class="tc-btn-big-green" style="background-color:#e52d27;" target="_blank" rel="noopener noreferrer">
 {{$:/core/images/video}} ~TiddlyWiki on ~YouTube
 </a>
-<a href="https://twitter.com/TiddlyWiki" class="tc-btn-big-green" style="background-color:#5E9FCA;" target="_blank">
+<a href="https://twitter.com/TiddlyWiki" class="tc-btn-big-green" style="background-color:#5E9FCA;" target="_blank" rel="noopener noreferrer">
 {{$:/core/images/twitter}} @~TiddlyWiki on Twitter
 </a>
-<a href="https://github.com/Jermolene/TiddlyWiki5" class="tc-btn-big-green" style="background-color:#444;" target="_blank">
+<a href="https://github.com/Jermolene/TiddlyWiki5" class="tc-btn-big-green" style="background-color:#444;" target="_blank" rel="noopener noreferrer">
 {{$:/core/images/github}} ~TiddlyWiki on ~GitHub
 </a>
 </div>

editions/tw5.com/tiddlers/hellothere/What happened to the original TiddlyWiki.tid

@@ -3,7 +3,7 @@ tags: HelloThere
 created: 201409040851
 modified: 201409040851
 
-<a class="tc-float-right tc-bordered-image" href="http://classic.tiddlywiki.com/" target="_blank">[img width="200" [TiddlyWiki Classic.png]]</a>
+<a class="tc-float-right tc-bordered-image" href="http://classic.tiddlywiki.com/" target="_blank" rel="noopener noreferrer">[img width="200" [TiddlyWiki Classic.png]]</a>
 
 The original [[Classic|TiddlyWikiClassic]] version of TiddlyWiki is still available at:
 

editions/tw5.com/tiddlers/system/ContributionBanner.tid

@@ -7,7 +7,7 @@ https://github.com/Jermolene/TiddlyWiki5/edit/master/editions/tw5.com/tiddlers/$
 \end
 \define innerMakeGitHubLink(linkText)
 <$set name="githubLink" value={{$:/config/OriginalTiddlerPaths##$(draftOfTiddler)$}}>
-<a href=<<makeGitHubLink>> class="tc-tiddlylink-external" target="_blank">$linkText$</a>
+<a href=<<makeGitHubLink>> class="tc-tiddlylink-external" target="_blank"  rel="noopener noreferrer">$linkText$</a>
 </$set>
 \end
 \define outerMakeGitHubLink(linkText)

editions/tw5.com/tiddlers/system/Sources.tid

@@ -13,7 +13,7 @@ https://github.com/Jermolene/TiddlyWiki5/blob/master/editions/tw5.com/tiddlers/$
 \end
 \define outerMakeGitHubLink()
 <$set name="githubLink" value={{$:/config/OriginalTiddlerPaths##$(currentTiddler)$}}>
-<a href=<<makeGitHubLink>> class="tc-tiddlylink-external" target="_blank"><$text text=<<makeGitHubLink>>/></a>
+<a href=<<makeGitHubLink>> class="tc-tiddlylink-external" target="_blank" rel="noopener noreferrer"><$text text=<<makeGitHubLink>>/></a>
 </$set>
 \end
 <$list filter="[all[current]!is[system]!is[shadow]]">

editions/tw5.com/tiddlers/system/doc-macros.tid

@@ -36,7 +36,7 @@ tags: $:/tags/Macro
 \define .link(_,to) <$link to="$to$">$_$</$link>
 \define .clink(_,to) <span class="doc-clink"><<.link """$_$""" "$to$">></span>
 \define .dlink(_,to) <$macrocall $name=".link" _=<<.def "$_$">> to="$to$">/>
-\define .dlink-ex(_,to) <a href="$to$" class="tc-tiddlylink-external" target="_blank"><<.def "$_$">></a>
+\define .dlink-ex(_,to) <a href="$to$" class="tc-tiddlylink-external" target="_blank" rel="noopener noreferrer"><<.def "$_$">></a>
 \define .flink(to) <$macrocall $name=".link" _=<<.field {{$to$!!caption}}>> to="$to$"/>
 \define .mlink(_,to) <$macrocall $name=".link" _=<<.var "$_$">> to=<<.mtitle "$_$">>/>
 \define .mlink2(_,to) <$macrocall $name=".link" _=<<.var "$_$">> to="$to$"/>

plugins/tiddlywiki/powered-by-tiddlywiki/banner.tid

@@ -1,6 +1,6 @@
 title: $:/plugins/tiddlywiki/powered-by-tiddlywiki/banner
 tags: $:/tags/PageTemplate
 
-<a href="http://tiddlywiki.com" target="_blank">
+<a href="http://tiddlywiki.com" target="_blank" rel="noopener noreferrer">
 [img width="160px" class="tc-powered-by-tiddlywiki-banner" [$:/plugins/tiddlywiki/powered-by-tiddlywiki/powered-by-tiddlywiki.svg]]
 </a>

plugins/tiddlywiki/railroad/wrapper.js

@@ -97,6 +97,7 @@ RailroadWidget.prototype.patchLinks = function(node) {
 					if(child.attributes["data-tw-external"]) {
 						// External links are straightforward
 						child.setAttribute("target","_blank");
+						child.setAttribute("rel","noopener noreferrer");
 					} else {
 						// Each internal link gets its own onclick handler, capturing its own copy of target
 						(function(myTarget) {