diff --git a/src/pretix/base/payment.py b/src/pretix/base/payment.py index a9b6e19a49..bca9e46ca6 100644 --- a/src/pretix/base/payment.py +++ b/src/pretix/base/payment.py @@ -176,7 +176,7 @@ class BasePaymentProvider: forms.BooleanField( label=_('Calculate the fee from the total value including the fee.'), help_text=_('We recommend to enable this if you want your users to pay the payment fees of your ' - 'payment provider. Click here ' + 'payment provider. Click here ' 'for detailed information on what this does. Don\'t forget to set the correct fees ' 'above!').format(docs_url='https://docs.pretix.eu/en/latest/user/payments/fees.html'), required=False diff --git a/src/pretix/base/templatetags/rich_text.py b/src/pretix/base/templatetags/rich_text.py index b8d2b956e8..b14939a208 100644 --- a/src/pretix/base/templatetags/rich_text.py +++ b/src/pretix/base/templatetags/rich_text.py @@ -61,12 +61,14 @@ def safelink_callback(attrs, new=False): signer = signing.Signer(salt='safe-redirect') attrs[None, 'href'] = reverse('redirect') + '?url=' + urllib.parse.quote(signer.sign(url)) attrs[None, 'target'] = '_blank' + attrs[None, 'rel'] = 'noopener' return attrs def abslink_callback(attrs, new=False): attrs[None, 'href'] = urllib.parse.urljoin(settings.SITE_URL, attrs.get((None, 'href'), '/')) attrs[None, 'target'] = '_blank' + attrs[None, 'rel'] = 'noopener' return attrs diff --git a/src/pretix/control/templates/pretixcontrol/event/widget.html b/src/pretix/control/templates/pretixcontrol/event/widget.html index 5cd1dda798..2b7a979a0f 100644 --- a/src/pretix/control/templates/pretixcontrol/event/widget.html +++ b/src/pretix/control/templates/pretixcontrol/event/widget.html @@ -35,7 +35,7 @@ <noscript> <div class="pretix-widget"> <div class="pretix-widget-info-message"> - {% blocktrans trimmed with a_attr='target="_blank" href="'|add:indexurl|add:'"'|safe %} + {% blocktrans trimmed with a_attr='target="_blank" rel="noopener" href="'|add:indexurl|add:'"'|safe %} JavaScript is disabled in your browser. To access our ticket shop without JavaScript, please <a {{ a_attr }}>click here</a>. {% endblocktrans %} @@ -44,7 +44,7 @@ </noscript>

- + {% trans "Read our documentation for more information" %} diff --git a/src/pretix/plugins/paypal/payment.py b/src/pretix/plugins/paypal/payment.py index c32ac42143..2532446763 100644 --- a/src/pretix/plugins/paypal/payment.py +++ b/src/pretix/plugins/paypal/payment.py @@ -55,7 +55,7 @@ class Paypal(BasePaymentProvider): ('client_id', forms.CharField( label=_('Client ID'), - help_text=_('{text}').format( + help_text=_('{text}').format( text=_('Click here for a tutorial on how to obtain the required keys'), docs_url='https://docs.pretix.eu/en/latest/user/payments/paypal.html' ) diff --git a/src/pretix/plugins/stripe/payment.py b/src/pretix/plugins/stripe/payment.py index c1fe0c127e..ba76ae018f 100644 --- a/src/pretix/plugins/stripe/payment.py +++ b/src/pretix/plugins/stripe/payment.py @@ -76,7 +76,7 @@ class StripeSettingsHolder(BasePaymentProvider): ('secret_key', forms.CharField( label=_('Secret key'), - help_text=_('{text}').format( + help_text=_('{text}').format( text=_('Click here for a tutorial on how to obtain the required keys'), docs_url='https://docs.pretix.eu/en/latest/user/payments/stripe.html' ), diff --git a/src/pretix/presale/templates/pretixpresale/base.html b/src/pretix/presale/templates/pretixpresale/base.html index b5856fba10..935164d69d 100644 --- a/src/pretix/presale/templates/pretixpresale/base.html +++ b/src/pretix/presale/templates/pretixpresale/base.html @@ -51,7 +51,7 @@ · {% endif %} {% for f in footer %} - {{ f.label }} + {{ f.label }} · {% endfor %} {% include "pretixpresale/base_footer.html" %} diff --git a/src/pretix/presale/templates/pretixpresale/base_footer.html b/src/pretix/presale/templates/pretixpresale/base_footer.html index 92c5b5231b..b175e6b0c1 100644 --- a/src/pretix/presale/templates/pretixpresale/base_footer.html +++ b/src/pretix/presale/templates/pretixpresale/base_footer.html @@ -1,7 +1,7 @@ {% load i18n %} {% load safelink %} {% safelink "https://pretix.eu" as pretixurl %} -{% with 'target="_blank" href="'|add:pretixurl|add:'"'|safe as a_attr %} +{% with 'target="_blank" rel="noopener" href="'|add:pretixurl|add:'"'|safe as a_attr %} {% blocktrans trimmed %} powered by pretix {% endblocktrans %} diff --git a/src/pretix/presale/templates/pretixpresale/event/base.html b/src/pretix/presale/templates/pretixpresale/event/base.html index 727b19e8ce..49e2a85b32 100644 --- a/src/pretix/presale/templates/pretixpresale/event/base.html +++ b/src/pretix/presale/templates/pretixpresale/event/base.html @@ -66,7 +66,7 @@ {% trans "Contact event organizer" %} · {% endif %} {% if request.event.settings.imprint_url %} - {% trans "Imprint" %} + {% trans "Imprint" %} · {% endif %} {% endblock %} diff --git a/src/pretix/static/pretixpresale/js/widget/widget.js b/src/pretix/static/pretixpresale/js/widget/widget.js index 8461fceff1..d5823ac9e5 100644 --- a/src/pretix/static/pretixpresale/js/widget/widget.js +++ b/src/pretix/static/pretixpresale/js/widget/widget.js @@ -23,7 +23,7 @@ var strings = { 'cart_exists': django.pgettext('widget', 'You currently have an active cart for this event. If you select more' + ' products, they will be added to your existing cart. Click on this message to continue checkout with your' + ' cart.'), - 'poweredby': django.pgettext('widget', 'ticketing powered by pretix'), + 'poweredby': django.pgettext('widget', 'ticketing powered by pretix'), 'redeem_voucher': django.pgettext('widget', 'Redeem a voucher'), 'redeem': django.pgettext('widget', 'Redeem'), 'voucher_code': django.pgettext('widget', 'Voucher code'),