From 829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 8 Feb 2017 15:07:05 +0300
Subject: add some protection against opener attacks if external site is opened via window.open()
---
 js/viewfeed.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'js/viewfeed.js')
diff --git a/js/viewfeed.js b/js/viewfeed.js
index 1f597e226..dfbf8bced 100755
--- a/js/viewfeed.js
+++ b/js/viewfeed.js
@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
 function openArticleInNewWindow(id) {
 toggleUnread(id, 0, false);
- window.open("backend.php?op=article&method=redirect&id=" + id);
+
+ var w = window.open("");
+ w.opener = null;
+ w.location = "backend.php?op=article&method=redirect&id=" + id;
 }
 function isCdmMode() {
--
cgit v1.2.3
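Review bot: `window.open("")` returns null when the browser blocks the popup, so the new `w.opener = null;` line in openArticleInNewWindow throws a TypeError in that case, after `toggleUnread(id, 0, false)` has already run. Guard the handle before using it, for example `if (!w) return;` directly after the `window.open("")` call, or move the `toggleUnread` call below the guard so that the article state only changes once a window actually exists. The reason for opening a blank window first is not obvious from the code, so a comment such as `// clear opener before navigating so the external page cannot script or redirect this tab` above `w.opener = null;` would keep a later cleanup from collapsing the three lines back into a single `window.open(url)`. Where the supported browsers honour it, the `noopener` window feature gives the same isolation without the intermediate blank window, but `window.open` then returns null, so the assignments would have to go.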