public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 17:35:56 +00:00
Code Issues Releases Wiki Activity

Prevent target='_blank' vulnerability on dynamic link

Browse Source
This commit is contained in:
Jérémy DECOOL
2017-02-12 11:01:36 +01:00
parent 2187322cae
commit ba2853caac
6 changed files with 25 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/af_psql_trgm/init.php
View File

@@ -85,7 +85,7 @@ class Af_Psql_Trgm extends Plugin {
style='vertical-align : middle'>";
$article_link = htmlspecialchars($line["link"]);
print " <a target=\"_blank\" href=\"$article_link\">".
print " <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$article_link\">".
$line["title"]."</a>";
print " (<a href=\"#\" onclick=\"viewfeed({feed:".$line["feed_id"]."})\">".

2
plugins/share/init.php
View File

@@ -100,7 +100,7 @@ class Share extends Plugin {
$url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
print "</div>";
/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))