From 8a776f146182bc6870702cfeb87041e3af66b24b Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Wed, 7 Sep 2016 14:35:51 +0200
Subject: Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/
noopener is implied by noreferrer
https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer
The API for window.open() does not seem stable yet
https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
---
 app/views/helpers/index/normal/entry_bottom.phtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/views/helpers/index/normal/entry_bottom.phtml')

diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml
index 3af7436c3..a9d5a80ca 100644
--- a/app/views/helpers/index/normal/entry_bottom.phtml
+++ b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -52,7 +52,7 @@
 						$share_options['title'] = $title;
 						$share->update($share_options);
 				?><li class="item share">
-					<a target="_blank" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a>
+					<a target="_blank" rel="noreferrer" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a>
 				</li><?php
 					}
 			?></ul>
@@ -81,6 +81,6 @@
 		?><li class="item date"><?php echo $this->entry->date(); ?></li><?php
 	}
 	if ($bottomline_link) {
-		?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php
+		?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php
 	} ?>
 </ul>
-- 
cgit v1.2.3