From 9a3c1c71824723d4b369df9b412fd0a7d6f08ac5 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Tue, 10 May 2016 17:34:00 +0200
Subject: Fix window.opener vulnerability

---
 templates/index.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'templates/index.php')

diff --git a/templates/index.php b/templates/index.php
index b87908139..aa00aed2c 100644
--- a/templates/index.php
+++ b/templates/index.php
@@ -92,7 +92,8 @@ foreach (Plugin::getScripts() as $appName => $fileName) {
             <audio controls autoplay ng-src="{{ App.playingItem.enclosureLink|trustUrl }}" news-play-one></audio>
             <a class="button podcast-download" title="<?php p($l->t('Download')) ?>"
                 ng-href="{{ App.playingItem.enclosureLink|trustUrl }}"
-                target="_blank"></a>
+                target="_blank"
+                rel="noreferrer"></a>
             <button class="podcast-close" title="<?php p($l->t('Close')) ?>"
                 ng-click="App.playingItem = false"></button>
         </div>
-- 
cgit v1.2.3