author | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
commit | 9a3c1c71824723d4b369df9b412fd0a7d6f08ac5 (patch) | |
tree | 1af699d10e0e679129fee2f84d01f5d88fe46dad /js/gui | |
parent | 1bc7a4907ac3f15f57a5076b4c74b887da0af204 (diff) |
Fix window.opener vulnerability
Diffstat (limited to 'js/gui')
-rw-r--r-- | js/gui/KeyboardShortcuts.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/js/gui/KeyboardShortcuts.js b/js/gui/KeyboardShortcuts.js
index c90f3bc70..9e32a15b3 100644
--- a/js/gui/KeyboardShortcuts.js
+++ b/js/gui/KeyboardShortcuts.js
@@ -263,7 +263,9 @@
 var openLink = function (scrollArea) {
 onActiveItem(scrollArea, function (item) {
 item.trigger('click'); // mark read
- window.open(item.find('.external:visible').attr('href'), '_blank');
+ var url = item.find('.external:visible').attr('href');
+ var newWindow = window.open(url, '_blank');
+ newWindow.opener = null;
 });
 }; |
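Review bot: `window.open` returns `null` when the browser or an extension blocks the popup, so the added `newWindow.opener = null;` in `openLink` throws a TypeError in that case, after the item has already been marked read by the `click` trigger. Guard the assignment with `if (newWindow) { newWindow.opener = null; }`. The reset runs synchronously, before the opened document can execute script, which is what stops the new page from reaching back through `window.opener`; where browser support allows, passing `'noopener'` as the third argument to `window.open` gives the same protection without touching the returned handle. The `href` is read from the rendered item and no scheme check is visible in this hunk, so it presumably relies on sanitisation elsewhere; it is worth confirming that only `http:`/`https:` URLs can reach this call.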