diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
| commit | 9a3c1c71824723d4b369df9b412fd0a7d6f08ac5 (patch) | |
| tree | 1af699d10e0e679129fee2f84d01f5d88fe46dad /templates/index.php | |
| parent | 1bc7a4907ac3f15f57a5076b4c74b887da0af204 (diff) | |
Fix window.opener vulnerability
Diffstat (limited to 'templates/index.php')
| -rw-r--r-- | templates/index.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/templates/index.php b/templates/index.php index b87908139..aa00aed2c 100644 --- a/templates/index.php +++ b/templates/index.php @@ -92,7 +92,8 @@ foreach (Plugin::getScripts() as $appName => $fileName) { <audio controls autoplay ng-src="{{ App.playingItem.enclosureLink|trustUrl }}" news-play-one></audio> <a class="button podcast-download" title="<?php p($l->t('Download')) ?>" ng-href="{{ App.playingItem.enclosureLink|trustUrl }}" - target="_blank"></a> + target="_blank" + rel="noreferrer"></a> <button class="podcast-close" title="<?php p($l->t('Close')) ?>" ng-click="App.playingItem = false"></button> </div> |