authorJérémy DECOOL <[email protected]>2017-02-12 11:01:36 +0100
committerJérémy DECOOL <[email protected]>2017-02-12 11:01:36 +0100
commitba2853caac636d2ae596d74561fa0233567242d4 (patch)
tree9e46eabafcddd2e76cd0c8fc4c1498d0b1858757 /plugins
parent2187322caee25756d28983f069e291612023c6dc (diff)
Prevent target='_blank' vulnerability on dynamic link
Diffstat (limited to 'plugins')
-rw-r--r--plugins/af_psql_trgm/init.php2
-rw-r--r--plugins/share/init.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/plugins/af_psql_trgm/init.php b/plugins/af_psql_trgm/init.php
index 8c92be1ab..542cd720e 100644
--- a/plugins/af_psql_trgm/init.php
+++ b/plugins/af_psql_trgm/init.php
@@ -85,7 +85,7 @@ class Af_Psql_Trgm extends Plugin {
style='vertical-align : middle'>";
$article_link = htmlspecialchars($line["link"]);
- print " <a target=\"_blank\" href=\"$article_link\">".
+ print " <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$article_link\">".
$line["title"]."</a>";
print " (<a href=\"#\" onclick=\"viewfeed({feed:".$line["feed_id"]."})\">".
diff --git a/plugins/share/init.php b/plugins/share/init.php
index 0f8f8fec1..a028c057b 100644
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -100,7 +100,7 @@ class Share extends Plugin {
$url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
- print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+ print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
print "</div>";
/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
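Review bot: `$url_path` is interpolated raw into the single-quoted `href` and into the link text on the changed line, and it carries a literal `&` from `?op=share&key=`. The prefix it is built from is assigned outside this hunk, so whether it can ever contain a quote character is not visible here; escaping at output settles it: `$url_attr = htmlspecialchars($url_path, ENT_QUOTES);` and print `$url_attr` in both positions. `ENT_QUOTES` matters because the attribute is single-quoted, which the default flags on PHP before 8.1 leave untouched. The method body continues past both ends of the hunk.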