author | Andrew Dolgov <[email protected]> | 2017-02-08 15:07:05 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-02-08 15:07:05 +0300 |
commit | 829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 (patch) | |
tree | 799d6af792c6062b1b46ef1ef746e46159a6894e | |
parent | 23c8ef7e360816f6e6d03965303e6a26b54f2287 (diff) |
add some protection against opener attacks if external site is opened via window.open()
-rw-r--r-- | include/functions2.php | 4 | ||||
-rwxr-xr-x | js/functions.js | 12 | ||||
-rwxr-xr-x | js/viewfeed.js | 5 |
3 files changed, 16 insertions, 5 deletions
diff --git a/include/functions2.php b/include/functions2.php
index 6017a78f8..6674c7734 100644
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -1957,7 +1957,7 @@
# $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
# $filename . " (" . $ctype . ")" . "</a>";
- $entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
+ $entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
array_push($entries_html, $entry);
@@ -2038,7 +2038,7 @@
else $filename = "";
- $rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
+ $rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
};
diff --git a/js/functions.js b/js/functions.js
index db18ac6dd..6ba0922aa 100755
--- a/js/functions.js
+++ b/js/functions.js
@@ -2064,9 +2064,17 @@ function getSelectionText() {
return text.stripTags();
}
+function openUrlPopup(url) {
+ var w = window.open("");
+
+ w.opener = null;
+ w.location = url;
+}
function openArticlePopup(id) {
- window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id +
- "&csrf_token=" + getInitParam("csrf_token"),
+ var w = window.open("", "ttrss_article_popup", "height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no");
+
+ w.opener = null;
+ w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token");
}
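Review bot: The two new onclick strings still embed `htmlspecialchars($url)` / `htmlspecialchars($entry["url"])` directly inside a JavaScript string literal, and htmlspecialchars escapes for the HTML attribute context, not for the JS string inside it: in the first hunk the literal is single-quoted and htmlspecialchars leaves `'` untouched unless ENT_QUOTES is passed, and in the second hunk the `&quot;` it emits is decoded back to `"` by the attribute parser before the handler text is evaluated, so a URL containing the matching quote ends the literal early. Unless enclosure URLs are validated before reaching this code (not visible in the hunk), the value should be encoded for the JS context first, e.g. `openUrlPopup(".htmlspecialchars(json_encode($url)).")` in the first hunk and the equivalent `json_encode($entry["url"])` form in the second, or moved into a data attribute read by a non-inline handler. Both enclosing functions start outside the hunks.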
\ No newline at end of file
diff --git a/js/viewfeed.js b/js/viewfeed.js
index 1f597e226..dfbf8bced 100755
--- a/js/viewfeed.js
+++ b/js/viewfeed.js
@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
function openArticleInNewWindow(id) {
toggleUnread(id, 0, false);
- window.open("backend.php?op=article&method=redirect&id=" + id);
+
+ var w = window.open("");
+ w.opener = null;
+ w.location = "backend.php?op=article&method=redirect&id=" + id;
}
function isCdmMode() { |
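Review bot: `window.open("")` in the new openUrlPopup returns null when a popup blocker intervenes, so the following `w.opener = null;` throws a TypeError out of the click handler instead of failing quietly; add `if (!w) return;` right after the open call. The same unchecked dereference is in openArticlePopup below it and in openArticleInNewWindow in js/viewfeed.js, which I have not annotated separately. openUrlPopup also navigates the blank popup to a caller-supplied url with no scheme check, and until it navigates that popup shares the opener's origin, so if enclosure URLs are not validated server-side (not visible here) the helper should accept only http: and https: URLs before assigning `w.location`. getSelectionText begins outside the hunk.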