author | Jérémy DECOOL <[email protected]> | 2017-02-12 11:01:36 +0100 |
---|---|---|
committer | Jérémy DECOOL <[email protected]> | 2017-02-12 11:01:36 +0100 |
commit | ba2853caac636d2ae596d74561fa0233567242d4 (patch) | |
tree | 9e46eabafcddd2e76cd0c8fc4c1498d0b1858757 /include/feedbrowser.php | |
parent | 2187322caee25756d28983f069e291612023c6dc (diff) |
Prevent target='_blank' vulnerability on dynamic link
Diffstat (limited to 'include/feedbrowser.php')
-rw-r--r-- | include/feedbrowser.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/feedbrowser.php b/include/feedbrowser.php index 4772420ab..ec4efe15a 100644 --- a/include/feedbrowser.php +++ b/include/feedbrowser.php @@ -59,12 +59,12 @@ $class = ($feedctr % 2) ? "even" : "odd"; - $site_url = "<a target=\"_blank\" + $site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$site_url\"> <span class=\"fb_feedTitle\">". htmlspecialchars($line["title"])."</span></a>"; - $feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\" + $feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\" href=\"$feed_url\"><img src='images/pub_set.png' style='vertical-align : middle'></a>"; @@ -87,12 +87,12 @@ $archived = ''; } - $site_url = "<a target=\"_blank\" + $site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$site_url\"> <span class=\"fb_feedTitle\">". htmlspecialchars($line["title"])."</span></a>"; - $feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\" + $feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\" href=\"$feed_url\"><img src='images/pub_set.png' style='vertical-align : middle'></a>"; |
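Review bot: In both hunks the context lines `href=\"$site_url\"` and `href=\"$feed_url\"` interpolate the URL straight into a double-quoted attribute, while only the title visibly passes through `htmlspecialchars()`. The added `rel=\"noopener noreferrer\"` keeps the opened page away from `window.opener`, but it does nothing about a URL value that contains a quote or uses a scheme other than http/https. The assignments of both variables lie outside the hunks, so they may already be escaped; if they are not, add `$site_url = htmlspecialchars($site_url, ENT_QUOTES);` (and the same for `$feed_url`) before the anchors are built, and reject non-http(s) schemes where the feed is stored. The identical markup is built twice (at -59 and -87), so a small helper returning the anchor would keep the two copies from drifting the next time an attribute changes.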