Add some security headers

src/site/pug/home.pug

@@ -51,14 +51,14 @@ html
 				ul
 					-
 						const links = [
-							["https://github.com/cloudrac3r/bibliogram", "GitHub repository"],
+							["https://github.com/cloudrac3r/bibliogram", "GitHub repository", "noopener"],
 							["https://matrix.to/#/#bibliogram:matrix.org", "Discussion room on Matrix"],
-							["https://github.com/cloudrac3r/bibliogram/wiki/Instances", "Other Bibliogram instances"],
+							["https://github.com/cloudrac3r/bibliogram/wiki/Instances", "Other Bibliogram instances", "noopener"],
 							["https://github.com/cloudrac3r/bibliogram/projects/1?fullscreen=true", "Project roadmap"],
 							["https://cadence.moe/about/contact", "Contact the developer"]
 						]
 					each entry in links
-						li: a(href!=entry[0] target="_blank" rel="noopener noreferrer")= entry[1]
+						li: a(href!=entry[0] target="_blank" rel=(entry[2] || "noopener noreferrer"))= entry[1]
 
 				if constants.featured_profiles.length
 					.featured-profiles#featured-profiles

src/site/pug/settings.pug

@@ -33,11 +33,7 @@ html
 	body.settings-page
 		if status && message
 			.status-notice(class=status)= message
-			script.
-				const params = new URLSearchParams(window.location.search)
-				params.delete("status")
-				params.delete("message")
-				history.replaceState(null, "", "?" + params.toString())
+			script(src=getStaticURL("html", "/static/js/settings_message.js") type="module")
 		main.settings
 			form(action=returnAction method="post" enctype="application/x-www-form-urlencoded")
 				input(type="hidden" name="csrf" value=csrf)