From ba2853caac636d2ae596d74561fa0233567242d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20DECOOL?= <contact@jdecool.fr>
Date: Sun, 12 Feb 2017 11:01:36 +0100
Subject: Prevent target='_blank' vulnerability on dynamic link

---
 plugins/share/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/share')

diff --git a/plugins/share/init.php b/plugins/share/init.php
index 0f8f8fec1..a028c057b 100644
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -100,7 +100,7 @@ class Share extends Plugin {
 			$url_path .= "/public.php?op=share&key=$uuid";
 
 			print "<div class=\"tagCloudContainer\">";
-			print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+			print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
 			print "</div>";
 
 			/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
-- 
cgit v1.2.3