Add a noopener and noreferrer to external urls

- noreferrer is used to prevent the browser from sending the referrer
  to the visited site
- noopener fixes a fun class of bug: https://mathiasbynens.github.io/rel-noopener/

airsonic-main/src/main/webapp/WEB-INF/jsp/albumMain.jsp

@@ -259,13 +259,13 @@
             <sub:param name="type" value="album"/>
         </sub:url>
         <span class="header"><fmt:message key="top.search"/> <a target="_blank" href="${googleUrl}">Google</a></span> |
-        <span class="header"><a target="_blank" href="${wikipediaUrl}">Wikipedia</a></span> |
-        <span class="header"><a target="_blank" href="${allmusicUrl}">allmusic</a></span> |
-        <span class="header"><a target="_blank" href="${lastFmUrl}">Last.fm</a></span> |
+        <span class="header"><a target="_blank" rel="noopener noreferrer" href="${wikipediaUrl}">Wikipedia</a></span> |
+        <span class="header"><a target="_blank" rel="noopener noreferrer" href="${allmusicUrl}">allmusic</a></span> |
+        <span class="header"><a target="_blank" rel="noopener noreferrer" href="${lastFmUrl}">Last.fm</a></span> |
         <c:if test="${not empty model.musicBrainzReleaseId}">
           <sub:url value="https://musicbrainz.org/release/${model.musicBrainzReleaseId}" var="musicBrainzUrl" encoding="UTF-8">
           </sub:url>
-          <span class="header"><a target="_blank" href="${musicBrainzUrl}">MusicBrainz</a></span> |
+          <span class="header"><a target="_blank" rel="noopener noreferrer" href="${musicBrainzUrl}">MusicBrainz</a></span> |
         </c:if>
         <span class="header">
             <fmt:message key="main.playcount"><fmt:param value="${model.dir.playCount}"/></fmt:message>
@@ -406,7 +406,7 @@
                     Upgrade to Subsonic Premium and get:
                 </p>
                 <div style="font-size: 90%;padding-bottom: 1em">
-                    <p><a href="https://airsonic.github.io/docs/apps/" target="_blank">Apps</a> for Android, iPhone, Windows Phone ++.</p>
+                    <p><a href="https://airsonic.github.io/docs/apps/" target="_blank" rel="noopener noreferrer">Apps</a> for Android, iPhone, Windows Phone ++.</p>
                     <p>Video streaming.</p>
                     <p>Chromecast and Sonos support.</p>
                     <p>DLNA/UPnP support</p>

airsonic-main/src/main/webapp/WEB-INF/jsp/changeCoverArt.jsp

@@ -123,7 +123,7 @@
     <div style="clear:both;"></div>
     <div id="images"></div>
     <div style="clear:both;"></div>
-    <a href="https://last.fm/" target="_blank"><img src="<c:url value="/icons/lastfm.gif"/>"></a>
+    <a href="https://last.fm/" target="_blank" rel="noopener noreferrer"><img src="<c:url value="/icons/lastfm.gif"/>"></a>
     <span class="detail" style="padding-left:1em"><fmt:message key="changecoverart.courtesy"/></span>
 </div>
 

airsonic-main/src/main/webapp/WEB-INF/jsp/createShare.jsp

@@ -13,13 +13,13 @@
 
 <fmt:message key="share.warning"/>
 <p>
-    <a href="https://www.facebook.com/sharer.php?u=${model.playUrl}" target="_blank"><img src="<spring:theme code="shareFacebookImage"/>" alt=""></a>&nbsp;
-    <a href="https://www.facebook.com/sharer.php?u=${model.playUrl}" target="_blank"><fmt:message key="share.facebook"/></a>
+    <a href="https://www.facebook.com/sharer.php?u=${model.playUrl}" target="_blank" rel="noopener noreferrer"><img src="<spring:theme code="shareFacebookImage"/>" alt=""></a>&nbsp;
+    <a href="https://www.facebook.com/sharer.php?u=${model.playUrl}" target="_blank" rel="noopener noreferrer"><fmt:message key="share.facebook"/></a>
 </p>
 
 <p>
-    <a href="https://twitter.com/?status=Listening to ${model.playUrl}" target="_blank"><img src="<spring:theme code="shareTwitterImage"/>" alt=""></a>&nbsp;
-    <a href="https://twitter.com/?status=Listening to ${model.playUrl}" target="_blank"><fmt:message key="share.twitter"/></a>
+    <a href="https://twitter.com/?status=Listening to ${model.playUrl}" target="_blank" rel="noopener noreferrer"><img src="<spring:theme code="shareTwitterImage"/>" alt=""></a>&nbsp;
+    <a href="https://twitter.com/?status=Listening to ${model.playUrl}" target="_blank" rel="noopener noreferrer"><fmt:message key="share.twitter"/></a>
 </p>
 <p>
     <fmt:message key="share.link">

airsonic-main/src/main/webapp/WEB-INF/jsp/error.jsp

@@ -18,7 +18,7 @@
 
 <p>
     Airsonic encountered an internal error. You can report this error in the
-    <a href="https://www.reddit.com/r/airsonic" target="_blank">Airsonic Forum</a>.
+    <a href="https://www.reddit.com/r/airsonic" target="_blank" rel="noopener noreferrer">Airsonic Forum</a>.
     Please include the information below.
 </p>
 

airsonic-main/src/main/webapp/WEB-INF/jsp/externalPlayer.jsp

@@ -45,7 +45,7 @@
 </c:forEach>
 </audio>
 
-<div class="detail" style="text-align:center;">Streaming by <a href="https://airsonic.github.io/" target="_blank"><b>Airsonic</b></a></div>
+<div class="detail" style="text-align:center;">Streaming by <a href="https://airsonic.github.io/" target="_blank" rel="noopener noreferrer"><b>Airsonic</b></a></div>
 
 <script type="text/javascript">
   new MediaElementPlayer('player', {

airsonic-main/src/main/webapp/WEB-INF/jsp/help.jsp

@@ -41,8 +41,8 @@
     <tr><td class="ruleTableHeader"><fmt:message key="help.license.title"/></td><td class="ruleTableCell">
         <a href="http://www.gnu.org/copyleft/gpl.html" target="_blank"><img style="float:right;margin-left: 10px" alt="GPL 3.0" src="<c:url value="/icons/default_light/gpl.png"/>"></a>
         <fmt:message key="help.license.text"><fmt:param value="${model.brand}"/></fmt:message></td></tr>
-    <tr><td class="ruleTableHeader"><fmt:message key="help.homepage.title"/></td><td class="ruleTableCell"><a target="_blank" href="https://airsonic.github.io/">Airsonic website</a></td></tr>
-    <tr><td class="ruleTableHeader"><fmt:message key="help.forum.title"/></td><td class="ruleTableCell"><a target="_blank" href="https://www.reddit.com/r/airsonic">Airsonic on Reddit</a></td></tr>
+    <tr><td class="ruleTableHeader"><fmt:message key="help.homepage.title"/></td><td class="ruleTableCell"><a target="_blank" href="https://airsonic.github.io/" rel="noopener nofererrer">Airsonic website</a></td></tr>
+    <tr><td class="ruleTableHeader"><fmt:message key="help.forum.title"/></td><td class="ruleTableCell"><a target="_blank" href="https://www.reddit.com/r/airsonic" rel="noopener noreferrer">Airsonic on Reddit</a></td></tr>
     <tr><td class="ruleTableHeader"><fmt:message key="help.contact.title"/></td><td class="ruleTableCell"><fmt:message key="help.contact.text"><fmt:param value="${model.brand}"/></fmt:message></td></tr>
 </table>
 

airsonic-main/src/main/webapp/WEB-INF/jsp/more.jsp

@@ -263,7 +263,7 @@
     </form>
 </c:if>
 
-<a href="https://airsonic.github.io/docs/apps/" target="_blank"><img alt="Apps" src="<c:url value="/icons/default_light/apps.png"/>" style="float: right;margin-left: 3em; margin-right: 3em"/></a>
+<a href="https://airsonic.github.io/docs/apps/" target="_blank" rel="noopener noreferrer"><img alt="Apps" src="<c:url value="/icons/default_light/apps.png"/>" style="float: right;margin-left: 3em; margin-right: 3em"/></a>
 
 <h2>
     <img src="<spring:theme code="androidImage"/>" alt=""/>

airsonic-main/src/main/webapp/WEB-INF/jsp/transcodingSettings.jsp

@@ -88,7 +88,7 @@
     <p style="padding-top:0.75em">
         <input type="submit" value="<fmt:message key="common.save"/>" style="margin-right:0.3em">
         <a href='nowPlaying.view'><input type="button" value="<fmt:message key="common.cancel"/>" style="margin-right:1.3em"></a>
-        <a href="https://airsonic.github.io/docs/transcode/" target="_blank"><fmt:message key="transcodingsettings.recommended"/></a>
+        <a href="https://airsonic.github.io/docs/transcode/" target="_blank" rel="noopener noreferrer"><fmt:message key="transcodingsettings.recommended"/></a>
     </p>
 
 </form>