| author | 2016-09-07 14:35:51 +0200 | |
|---|---|---|
| committer | 2016-09-07 14:35:51 +0200 | |
| commit | 8a776f146182bc6870702cfeb87041e3af66b24b (patch) | |
| tree | 5ababee81679d46f7f72d65920170e719fea12d1 /app/views/helpers | |
| parent | 03211453704e90c85d5da3a9ef0553e49886de59 (diff) | |
Prevent a target _blank attacks with window.opener
https://mathiasbynens.github.io/rel-noopener/
noopener is implied by noreferrer
https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer
The API for window.open() does not seem stable yet
https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
Diffstat (limited to 'app/views/helpers')
| -rw-r--r-- | app/views/helpers/feed/update.phtml | 6 | ||||
| -rw-r--r-- | app/views/helpers/index/normal/entry_bottom.phtml | 4 | ||||
| -rw-r--r-- | app/views/helpers/index/normal/entry_header.phtml | 4 |
3 files changed, 7 insertions, 7 deletions
diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml index b7e8f68cd..bf87a255a 100644 --- a/app/views/helpers/feed/update.phtml +++ b/app/views/helpers/feed/update.phtml @@ -37,7 +37,7 @@ <div class="group-controls"> <div class="stick"> <input type="text" name="website" id="website" class="extend" value="<?php echo $this->feed->website(); ?>" /> - <a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> </div> </div> </div> @@ -46,10 +46,10 @@ <div class="group-controls"> <div class="stick"> <input type="text" name="url" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" /> - <a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> </div> - <a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a> </div> </div> <div class="form-group"> diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml index 3af7436c3..a9d5a80ca 100644 --- a/app/views/helpers/index/normal/entry_bottom.phtml +++ b/app/views/helpers/index/normal/entry_bottom.phtml 
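Review bot: The `rel="noreferrer"` added to the website anchor in the `@@ -37,7` hunk of feed/update.phtml only severs `window.opener` and the Referer header; it does not constrain what `$this->feed->website()` may contain, so the `href` is only as safe as that stored value. Whether the feed model already limits stored URLs to http/https is not visible in this diff, so confirm it there or guard the anchor in the template, for example `<?php if (preg_match('#^https?://#i', $this->feed->website())) { ?>` around the `<a>`. The same applies to the `$this->feed->url()` anchor in the `@@ -46,10` hunk and to the `$this->entry->link()` anchors in entry_bottom.phtml and entry_header.phtml. The surrounding form markup starts and ends outside the hunk.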
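Review bot: The validator anchor in the `@@ -46,10` hunk of feed/update.phtml still targets `http://validator.w3.org/feed/check.cgi?url=...`, so the complete feed URL is sent to a third party in cleartext. Feed URLs can carry credentials or private tokens in their userinfo or query part, and `rel="noreferrer"` does nothing for a value placed in the query string itself. Since the line is being edited anyway, change the scheme: `href="https://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"`.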
@@ -52,7 +52,7 @@ $share_options['title'] = $title; $share->update($share_options); ?><li class="item share"> - <a target="_blank" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a> + <a target="_blank" rel="noreferrer" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a> </li><?php } ?></ul> @@ -81,6 +81,6 @@ ?><li class="item date"><?php echo $this->entry->date(); ?></li><?php } if ($bottomline_link) { - ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php + ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> </ul> diff --git a/app/views/helpers/index/normal/entry_header.phtml b/app/views/helpers/index/normal/entry_header.phtml index dc544298f..86298e59f 100644 --- a/app/views/helpers/index/normal/entry_header.phtml +++ b/app/views/helpers/index/normal/entry_header.phtml @@ -27,7 +27,7 @@ } } ?><li class="item website"><a href="<?php echo _url('index', 'index', 'get', 'f_' . $this->feed->id()); ?>"><img class="favicon" src="<?php echo $this->feed->favicon(); ?>" alt="✇" /> <span><?php echo $this->feed->name(); ?></span></a></li> - <li class="item title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li> + <li class="item title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li> <?php if ($topline_date) { ?><li class="item date"><?php echo $this->entry->date(); ?> </li><?php } ?> - <?php if ($topline_link) { ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> + <?php if ($topline_link) { ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> </ul> |
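Review bot: `rel="noreferrer"` is written by hand on the share anchor in the `@@ -52,7` hunk of entry_bottom.phtml and on the other six anchors in this commit, so the next template that adds a `target="_blank"` link will silently lack it. A convention note in the templates, such as `<?php /* every target="_blank" anchor must carry rel="noreferrer" (window.opener) */ ?>`, or a CI check that rejects `target="_blank"` without a `rel` attribute, would keep the protection from regressing. Writing the value as `rel="noopener noreferrer"` would also state the opener intent directly instead of relying on the reader knowing that noreferrer implies it.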
