public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-16 03:16:01 +00:00
Code Issues Releases Wiki Activity

add some protection against opener attacks if external site is opened via window.open()

Browse Source
This commit is contained in:
Andrew Dolgov
2017-02-08 15:07:05 +03:00
parent 23c8ef7e36
commit 829d478f1b
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/functions2.php
View File

@@ -1957,7 +1957,7 @@
# $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
# $filename . " (" . $ctype . ")" . "</a>";
$entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
$entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
array_push($entries_html, $entry);
@@ -2038,7 +2038,7 @@
else
$filename = "";
$rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
$rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
};