diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2016-05-10 17:34:00 +0200 |
| commit | 9a3c1c71824723d4b369df9b412fd0a7d6f08ac5 (patch) | |
| tree | 1af699d10e0e679129fee2f84d01f5d88fe46dad /templates | |
| parent | 1bc7a4907ac3f15f57a5076b4c74b887da0af204 (diff) | |
Fix window.opener vulnerability
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/index.php | 3 | ||||
| -rw-r--r-- | templates/part.content.cronwarning.php | 6 | ||||
| -rw-r--r-- | templates/part.content.explore.php | 4 | ||||
| -rw-r--r-- | templates/part.settings.php | 4 |
4 files changed, 12 insertions, 5 deletions
diff --git a/templates/index.php b/templates/index.php index b87908139..aa00aed2c 100644 --- a/templates/index.php +++ b/templates/index.php @@ -92,7 +92,8 @@ foreach (Plugin::getScripts() as $appName => $fileName) { <audio controls autoplay ng-src="{{ App.playingItem.enclosureLink|trustUrl }}" news-play-one></audio> <a class="button podcast-download" title="<?php p($l->t('Download')) ?>" ng-href="{{ App.playingItem.enclosureLink|trustUrl }}" - target="_blank"></a> + target="_blank" + rel="noreferrer"></a> <button class="podcast-close" title="<?php p($l->t('Close')) ?>" ng-click="App.playingItem = false"></button> </div> diff --git a/templates/part.content.cronwarning.php b/templates/part.content.cronwarning.php index 3adfee2b7..4e3222812 100644 --- a/templates/part.content.cronwarning.php +++ b/templates/part.content.cronwarning.php @@ -4,7 +4,8 @@ <ul> <li> <a href="https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/background_jobs_configuration.html#cron" - target="_blank"> + target="_blank" + rel="noreferrer"> <?php p($l->t('How to set up the operating system cron')); ?> @@ -12,7 +13,8 @@ </li> <li> <a href="https://github.com/owncloud/news-updater" - target="_blank"> + target="_blank" + rel="noreferrer"> <?php p($l->t('Install and set up a faster parallel updater that uses the News app\'s update API')); ?> diff --git a/templates/part.content.explore.php b/templates/part.content.explore.php index 3eab49751..e1871152c 100644 --- a/templates/part.content.explore.php +++ b/templates/part.content.explore.php @@ -25,7 +25,7 @@ <div class="grid-item-content"> <h1 ng-show="entry.favicon" ng-style="{ backgroundImage: 'url(' + entry.favicon + ')'}"> - <a target="_blank" ng-href="{{ entry.url }}">{{ entry.title }}</a> + <a target="_blank" rel="noreferrer" ng-href="{{ entry.url }}">{{ entry.title }}</a> </h1> <h1 ng-hide="entry.favicon" class="icon-rss"> {{ entry.title }} @@ -48,6 +48,6 @@ </div> <div class="explore-footer"> - <a target="_blank" href="https://github.com/owncloud/news/wiki/Explore-Feed-Section"><?php p($l->t('Got more awesome feeds? Share them with us!')) ?></a> + <a target="_blank" rel="noreferrer" href="https://github.com/owncloud/news/wiki/Explore-Feed-Section"><?php p($l->t('Got more awesome feeds? Share them with us!')) ?></a> </div> </div> diff --git a/templates/part.settings.php b/templates/part.settings.php index eaabb33b3..533fafda4 100644 --- a/templates/part.settings.php +++ b/templates/part.settings.php @@ -78,6 +78,7 @@ class="button icon-download svg button-icon-label" href="<?php p(\OCP\Util::linkToRoute('news.export.opml')); ?>" target="_blank" + rel="noreferrer" ng-hide="App.isFirstRun()"> </a> @@ -119,6 +120,7 @@ class="button icon-download svg button-icon-label" href="<?php p(\OCP\Util::linkToRoute('news.export.articles')); ?>" target="_blank" + rel="noreferrer" ng-hide="App.isFirstRun()"> </a> <button @@ -144,10 +146,12 @@ <p> <a target="_blank" + rel="noreferrer" href="https://github.com/owncloud/news/wiki"><?php p($l->t('Documentation')); ?></a> </p> <p> <a target="_blank" + rel="noreferrer" href="https://github.com/owncloud/news/issues/new"><?php p($l->t('Report a bug')); ?></a> </p> |