public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 08:15:55 +00:00
Code Issues Releases Wiki Activity

Prevent target='_blank' vulnerability on dynamic link

Browse Source
This commit is contained in:
Jérémy DECOOL
2017-02-12 11:01:36 +01:00
parent 2187322cae
commit ba2853caac
6 changed files with 25 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/share/init.php
View File

@@ -100,7 +100,7 @@ class Share extends Plugin {
$url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
print "</div>";
/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))