author ArthurHoaro <arthur@hoa.ro> 2019-08-21 21:14:22 +0200
committer Alexandre Alapetite <alexandre@alapetite.fr> 2019-08-21 21:14:22 +0200
commit 3f8804f54f8426961a31287fb8e9a3d8f8f84b4d (patch)
tree 1fef3d139b0a6345d5353dc6379b17f9f5b81a71 /app/SQL/install.sql.mysql.php
parent 0ec7f53153395b788ba30bedfe3e9ab98684385e (diff)
Prevent window opener vulnerability with space shortcut (#2506)
* Prevent window opener vulnerability with space shortcut

This change fixes a vulnerability introduced by `window.open()` on untrusted sources. It reproduces the effect of `rel="noreferrer"` with JS.

Cross browser solution from: https://stackoverflow.com/a/40593743

## Reproduction

> tested with Firefox 68

1. Add this RSS feed
2. Open the 2nd link "À propos de la faille de sécurité liée à target="_blank" **using the space key shortcut**.
3. Click on the first of three links "http://bookmarks.ecyseo.net"

Current behaviour: the FreshRSS tab changes.
Expected behaviour: no effect on FreshRSS

* Test for popup blockers
Diffstat (limited to 'app/SQL/install.sql.mysql.php')
0 files changed, 0 insertions, 0 deletions
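
The approach named in the commit message (open a blank tab, clear its `opener`, then navigate, with a check for popup blockers), as an added JavaScript example that is not FreshRSS's own code. `openDetached`, `fakeBrowserWindow`, `untrustedPageLoads` and the example URLs are hypothetical; the fake window is a constructed stand-in so the logic runs outside a browser.

```javascript
// Added example, not FreshRSS code. All names and URLs are hypothetical.

// Open an untrusted URL in a new tab without giving it a handle on this tab.
// Returns true if the tab was opened, false if a popup blocker refused it.
function openDetached(url, win = globalThis.window) {
  // Open a blank tab first, so nothing untrusted has loaded yet.
  const tab = win.open();
  if (!tab) {
    return false; // popup blocked: let the caller choose a fallback
  }
  tab.opener = null; // sever the back-reference before navigating
  tab.location = url;
  return true;
}

// Constructed stand-in for the browser's window object (assumption: it only
// models open(), opener and location, which is all this example needs).
function fakeBrowserWindow({ blockPopups = false } = {}) {
  const parent = {
    location: 'https://freshrss.example/',
    tabs: [],
    open(url) {
      if (blockPopups) return null; // real browsers return null when blocked
      const tab = { opener: parent, location: url || 'about:blank' };
      parent.tabs.push(tab);
      return tab;
    },
  };
  return parent;
}

// Models the behaviour from the reproduction steps: a page in the new tab
// that changes the tab that opened it, if it still holds a reference.
function untrustedPageLoads(tab) {
  if (tab.opener) {
    tab.opener.location = 'https://elsewhere.example/';
  }
}

// Before/after comparison on the constructed window.
function compare() {
  const before = fakeBrowserWindow();
  untrustedPageLoads(before.open('https://feed.example/article'));
  const after = fakeBrowserWindow();
  openDetached('https://feed.example/article', after);
  untrustedPageLoads(after.tabs[0]);
  return { before: before.location, after: after.location };
}
```

`compare()` returns the reader tab's location for both cases: changed when the link was opened with a plain `open(url)`, unchanged when opened through `openDetached`.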