Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/ noopener is implied by noreferrer https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer The API for window.open() does not seem stable yet https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
author: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
committer: Alexandre Alapetite <alexandre.alapetite@alexandra.dk> 2016-09-07 14:35:51 +0200
commit: 8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree: 5ababee81679d46f7f72d65920170e719fea12d1 /app/views/feed/add.phtml
parent: 03211453704e90c85d5da3a9ef0553e49886de59 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml
index caf685d79..5cd59d298 100644
--- a/app/views/feed/add.phtml
+++ b/app/views/feed/add.phtml
@@ -30,7 +30,7 @@
 			<label class="group-name"><?php echo _t('sub.feed.website'); ?></label>
 			<div class="group-controls">
 				<?php echo $this->feed->website(); ?>
-				<a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
+				<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
 			</div>
 		</div>
 		<?php } ?>
@@ -40,9 +40,9 @@
 			<div class="group-controls">
 				<div class="stick">
 					<input type="text" name="url_rss" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" />
-					<a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
+					<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
 				</div>
-				<a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a>
+				<a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a>
 			</div>
 		</div>
 		<div class="form-group">
author	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
committer	Alexandre Alapetite <alexandre.alapetite@alexandra.dk>	2016-09-07 14:35:51 +0200
commit	8a776f146182bc6870702cfeb87041e3af66b24b (patch)
tree	5ababee81679d46f7f72d65920170e719fea12d1 /app/views/feed/add.phtml
parent	03211453704e90c85d5da3a9ef0553e49886de59 (diff)