authorGravatar Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
committerGravatar Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
commit8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree5ababee81679d46f7f72d65920170e719fea12d1 /app/views/configure/sharing.phtml
parent03211453704e90c85d5da3a9ef0553e49886de59 (diff)
Prevent a target _blank attacks with window.opener
https://mathiasbynens.github.io/rel-noopener/
noopener is implied by noreferrer: https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer
The API for window.open() does not seem stable yet: https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
Diffstat (limited to 'app/views/configure/sharing.phtml')
-rw-r--r--app/views/configure/sharing.phtml4
1 files changed, 2 insertions, 2 deletions
diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml
index 0dad5bf6d..ffcfb8b29 100644
--- a/app/views/configure/sharing.phtml
+++ b/app/views/configure/sharing.phtml
@@ -13,7 +13,7 @@
<input type="text" id="share_##key##_name" name="share[##key##][name]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_name'); ?>" size="64" />
<input type="url" id="share_##key##_url" name="share[##key##][url]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_url'); ?>" size="64" />
<a href="#" class="remove btn btn-attention" data-remove="group-share-##key##"><?php echo _i('close'); ?></a></div>
- <a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a>
+ <a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a>
</div></div>'>
<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
<legend><?php echo _t('conf.sharing'); ?></legend>
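Review bot: The added `rel="noreferrer"` on the template's help link leaves `noopener` implicit, so the window.opener protection depends on each browser applying the implication the commit message cites. Writing `rel="noopener noreferrer"` states the intent directly and keeps the protection if the attribute is later edited; the same applies to the anchor changed in the second hunk. `noreferrer` also suppresses the Referer header on these links, which deserves a short comment if it is intended. The template attribute that encloses this anchor starts outside the hunk.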
@@ -38,7 +38,7 @@
<a href='#' class='remove btn btn-attention' data-remove="group-share-<?php echo $key; ?>"><?php echo _i('close'); ?></a>
</div>
<?php if ($share->formType() === 'advanced') { ?>
- <a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a>
+ <a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a>
<?php } ?>
</div>
</div>
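Review bot: On the added line the `href` is filled by `echo $share->help()` with no escaping, so the attribute's safety rests on where that value comes from, which this hunk does not show. If the help URL can ever originate from stored or user-editable share settings, escape it for the attribute context, e.g. `href="<?php echo htmlspecialchars($share->help(), ENT_QUOTES, 'UTF-8'); ?>"`, and consider accepting only http/https schemes. The loop and the containers around this `if` block begin outside the hunk.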