From 8a776f146182bc6870702cfeb87041e3af66b24b Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Wed, 7 Sep 2016 14:35:51 +0200
Subject: Prevent a target _blank attacks with window.opener

https://mathiasbynens.github.io/rel-noopener/
noopener is implied by noreferrer
https://html.spec.whatwg.org/multipage/semantics.html#link-type-noreferrer
The API for window.open() does not seem stable yet
https://bugzilla.mozilla.org/show_bug.cgi?id=1267339
---
 app/views/helpers/index/normal/entry_header.phtml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/views/helpers/index/normal/entry_header.phtml')

diff --git a/app/views/helpers/index/normal/entry_header.phtml b/app/views/helpers/index/normal/entry_header.phtml
index dc544298f..86298e59f 100644
--- a/app/views/helpers/index/normal/entry_header.phtml
+++ b/app/views/helpers/index/normal/entry_header.phtml
@@ -27,7 +27,7 @@
 		}
 	}
 	?><li class="item website"><a href="<?php echo _url('index', 'index', 'get', 'f_' . $this->feed->id()); ?>"><img class="favicon" src="<?php echo $this->feed->favicon(); ?>" alt="✇" /> <span><?php echo $this->feed->name(); ?></span></a></li>
-	<li class="item title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li>
+	<li class="item title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li>
 	<?php if ($topline_date) { ?><li class="item date"><?php echo $this->entry->date(); ?> </li><?php } ?>
-	<?php if ($topline_link) { ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?>
+	<?php if ($topline_link) { ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?>
 </ul>
-- 
cgit v1.2.3