From 8a776f146182bc6870702cfeb87041e3af66b24b Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Wed, 7 Sep 2016 14:35:51 +0200
Subject: Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/
noopener is implied by noreferrer
https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer
The API for window.open() does not seem stable yet
https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
---
 app/layout/nav_menu.phtml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/layout/nav_menu.phtml')

diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 23255f04f..d77c1abf9 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -152,7 +152,7 @@
 				$url_output['params']['token'] = FreshRSS_Context::$user_conf->token;
 			}
 		?>
-		<a class="view_rss btn" target="_blank" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
+		<a class="view_rss btn" target="_blank" rel="noreferrer" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
 			<?php echo _i('rss'); ?>
 		</a>
 	</div>
-- 
cgit v1.2.3