Prevent target='_blank' vulnerability on dynamic link

author: Jérémy DECOOL <[email protected]> 2017-02-12 11:01:36 +0100
committer: Jérémy DECOOL <[email protected]> 2017-02-12 11:01:36 +0100
commit: ba2853caac636d2ae596d74561fa0233567242d4 (patch)
tree: 9e46eabafcddd2e76cd0c8fc4c1498d0b1858757 /include/feedbrowser.php
parent: 2187322caee25756d28983f069e291612023c6dc (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/include/feedbrowser.php b/include/feedbrowser.php
index 4772420ab..ec4efe15a 100644
--- a/include/feedbrowser.php
+++ b/include/feedbrowser.php
@@ -59,12 +59,12 @@
 
 				$class = ($feedctr % 2) ? "even" : "odd";
 
-				$site_url = "<a target=\"_blank\"
+				$site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
 
-				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
+				$feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/pub_set.png'
 							style='vertical-align : middle'></a>";
 
@@ -87,12 +87,12 @@
 					$archived = '';
 				}
 
-				$site_url = "<a target=\"_blank\"
+				$site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
 
-				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
+				$feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/pub_set.png'
 							style='vertical-align : middle'></a>";
author	Jérémy DECOOL <[email protected]>	2017-02-12 11:01:36 +0100
committer	Jérémy DECOOL <[email protected]>	2017-02-12 11:01:36 +0100
commit	ba2853caac636d2ae596d74561fa0233567242d4 (patch)
tree	9e46eabafcddd2e76cd0c8fc4c1498d0b1858757 /include/feedbrowser.php
parent	2187322caee25756d28983f069e291612023c6dc (diff)