packages: remove onclick handlerrelease_2019-12-18

The onclick handler is a CSP violator since no JavaScript is allowed to be executed without a nounce. The inline script has been replaced with a target="_blank". Closes: #202 Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
author: Jelle van der Waa <jelle@vdwaa.nl> 2019-12-18 17:33:26 +0100
committer: Jelle van der Waa <jelle@vdwaa.nl> 2019-12-18 17:33:33 +0100
commit: 1abf4357fa5a7b802246a5d93786de1b1c372605 (patch)
tree: 953cb17ddee611e889c67fe9b4a0b406653468f8
parent: 6507d02ca978ef10afd8790f3acf0fc3f61253b5 (diff)
download: archweb-release_2019-12-18.tar.gz
archweb-release_2019-12-18.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/templates/packages/package_details.html b/templates/packages/package_details.html
index 3738ae49..27a4ce31 100644
--- a/templates/packages/package_details.html
+++ b/templates/packages/package_details.html
@@ -34,8 +34,8 @@
                 <li><a href="flag/" title="Flag {{ pkg.pkgname }} as out-of-date">Flag Package Out-of-Date</a>
                 <a href="/packages/flaghelp/"
                     title="Get help on package flagging"
-                    onclick="return !window.open('/packages/flaghelp/','FlagHelp',
-                    'height=350,width=450,location=no,scrollbars=yes,menubars=no,toolbars=no,resizable=no');">(?)</a></li>
+		    target="_blank"
+		    >(?)</a></li>
                 {% endif %}
                 <li><a href="download/" rel="nofollow" title="Download {{ pkg.pkgname }} from mirror">Download From Mirror</a></li>
             </ul>
author	Jelle van der Waa <jelle@vdwaa.nl>	2019-12-18 17:33:26 +0100
committer	Jelle van der Waa <jelle@vdwaa.nl>	2019-12-18 17:33:33 +0100
commit	1abf4357fa5a7b802246a5d93786de1b1c372605 (patch)
tree	953cb17ddee611e889c67fe9b4a0b406653468f8
parent	6507d02ca978ef10afd8790f3acf0fc3f61253b5 (diff)
download	archweb-release_2019-12-18.tar.gz archweb-release_2019-12-18.zip