public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-24 13:01:28 +00:00
Code Issues Releases Wiki Activity

add some protection against opener attacks if external site is opened via window.open()

Browse Source
This commit is contained in:
Andrew Dolgov
2017-02-08 15:07:05 +03:00
parent 23c8ef7e36
commit 829d478f1b
3 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
js/viewfeed.js
View File

@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
function openArticleInNewWindow(id) {
toggleUnread(id, 0, false);
window.open("backend.php?op=article&method=redirect&id=" + id);
var w = window.open("");
w.opener = null;
w.location = "backend.php?op=article&method=redirect&id=" + id;
}
function isCdmMode() {