public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 22:15:56 +00:00
Code Issues Releases Wiki Activity

add some protection against opener attacks if external site is opened via window.open()

Browse Source
This commit is contained in:
Andrew Dolgov
2017-02-08 15:07:05 +03:00
parent 23c8ef7e36
commit 829d478f1b
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
js/functions.js
View File

@@ -2064,9 +2064,17 @@ function getSelectionText() {
return text.stripTags();
}
function openUrlPopup(url) {
var w = window.open("");
w.opener = null;
w.location = url;
}
function openArticlePopup(id) {
window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id +
"&csrf_token=" + getInitParam("csrf_token"),
var w = window.open("",
"ttrss_article_popup",
"height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no");
w.opener = null;
w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token");
}