Prevent target='_blank' vulnerability on dynamic link

2025-12-13 08:45:56 +00:00 · 2017-02-12 11:01:36 +01:00
parent 2187322cae
commit ba2853caac
6 changed files with 25 additions and 23 deletions
--- a/plugins/af_psql_trgm/init.php
+++ b/plugins/af_psql_trgm/init.php
@@ -85,7 +85,7 @@ class Af_Psql_Trgm extends Plugin {
 				style='vertical-align : middle'>";

 			$article_link = htmlspecialchars($line["link"]);
-			print " <a target=\"_blank\" href=\"$article_link\">".
+			print " <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$article_link\">".
 				$line["title"]."</a>";

 			print " (<a href=\"#\" onclick=\"viewfeed({feed:".$line["feed_id"]."})\">".