diff options
author | Andrew Dolgov <[email protected]> | 2017-02-12 14:19:37 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-02-12 14:19:37 +0300 |
commit | 3891782cf5fc20dc70e17c8665866aef6392233e (patch) | |
tree | 9e46eabafcddd2e76cd0c8fc4c1498d0b1858757 /plugins/share | |
parent | 2187322caee25756d28983f069e291612023c6dc (diff) | |
parent | ba2853caac636d2ae596d74561fa0233567242d4 (diff) |
Merge branch 'fix-target-blank-vulnerability' into 'master'
Prevent target='_blank' vulnerability on dynamic link
This merge request refere to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048
It fix the issue I enconter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.
See merge request !46
Diffstat (limited to 'plugins/share')
-rw-r--r-- | plugins/share/init.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/share/init.php b/plugins/share/init.php index 0f8f8fec1..a028c057b 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -100,7 +100,7 @@ class Share extends Plugin { $url_path .= "/public.php?op=share&key=$uuid"; print "<div class=\"tagCloudContainer\">"; - print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>"; + print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>"; print "</div>"; /* if (!label_find_id(__('Shared'), $_SESSION["uid"])) |