Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/ noopener is implied by noreferrer https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer The API for window.open() does not seem stable yet https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
author: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
committer: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
commit: 8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree: 5ababee81679d46f7f72d65920170e719fea12d1 /app/layout/nav_menu.phtml
parent: 03211453704e90c85d5da3a9ef0553e49886de59 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 23255f04f..d77c1abf9 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -152,7 +152,7 @@
 				$url_output['params']['token'] = FreshRSS_Context::$user_conf->token;
 			}
 		?>
-		<a class="view_rss btn" target="_blank" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
+		<a class="view_rss btn" target="_blank" rel="noreferrer" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
 			<?php echo _i('rss'); ?>
 		</a>
 	</div>
author	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
committer	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
commit	8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree	5ababee81679d46f7f72d65920170e719fea12d1 /app/layout/nav_menu.phtml
parent	03211453704e90c85d5da3a9ef0553e49886de59 (diff)