authorAndrew Dolgov <[email protected]>2017-02-08 15:07:05 +0300
committerAndrew Dolgov <[email protected]>2017-02-08 15:07:05 +0300
commit829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 (patch)
tree799d6af792c6062b1b46ef1ef746e46159a6894e /js
parent23c8ef7e360816f6e6d03965303e6a26b54f2287 (diff)
add some protection against opener attacks if external site is opened via window.open()
Diffstat (limited to 'js')
-rwxr-xr-xjs/functions.js12
-rwxr-xr-xjs/viewfeed.js5
2 files changed, 14 insertions, 3 deletions
diff --git a/js/functions.js b/js/functions.js
index db18ac6dd..6ba0922aa 100755
--- a/js/functions.js
+++ b/js/functions.js
@@ -2064,9 +2064,17 @@ function getSelectionText() {
return text.stripTags();
}
+function openUrlPopup(url) {
+ var w = window.open("");
+
+ w.opener = null;
+ w.location = url;
+}
function openArticlePopup(id) {
- window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id +
- "&csrf_token=" + getInitParam("csrf_token"),
+ var w = window.open("",
"ttrss_article_popup",
"height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no");
+
+ w.opener = null;
+ w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token");
} \ No newline at end of file
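Review bot: `w.opener = null` right after `var w = window.open("")` dereferences the return value unguarded, and `window.open` returns `null` when the browser blocks the popup, so the new `openUrlPopup` throws a TypeError instead of failing quietly; the same unguarded sequence is repeated in `openArticlePopup` below and in `openArticleInNewWindow` in the js/viewfeed.js hunk. A one-line guard after each open call, `if (!w) return;`, keeps the call sites from raising in that case. The open-blank, null-the-opener, then-navigate order is what actually severs the `window.opener` reference the target page would otherwise hold, so a short comment such as `// open about:blank first so opener can be cleared before navigating to untrusted content` would explain why the URL is no longer passed straight to `window.open`. Browsers that honour the `noopener` window feature achieve the same declaratively, though support for it in 2017-era browsers is not something this hunk lets me confirm.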
diff --git a/js/viewfeed.js b/js/viewfeed.js
index 1f597e226..dfbf8bced 100755
--- a/js/viewfeed.js
+++ b/js/viewfeed.js
@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
function openArticleInNewWindow(id) {
toggleUnread(id, 0, false);
- window.open("backend.php?op=article&method=redirect&id=" + id);
+
+ var w = window.open("");
+ w.opener = null;
+ w.location = "backend.php?op=article&method=redirect&id=" + id;
}
function isCdmMode() {
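Review bot: `openArticleInNewWindow` re-implements the open-blank, clear-opener, set-location sequence that this same commit factors into `openUrlPopup` in js/functions.js, so the three added lines duplicate a helper introduced moments earlier. If functions.js is loaded wherever viewfeed.js is (it looks like a shared helper file, but that is not visible here), the added body reduces to `openUrlPopup("backend.php?op=article&method=redirect&id=" + id);`. Keeping a single implementation also means any later hardening of the popup path, such as handling a blocked `window.open`, only has to land in one place.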