From 9a3c1c71824723d4b369df9b412fd0a7d6f08ac5 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Tue, 10 May 2016 17:34:00 +0200
Subject: Fix window.opener vulnerability

---
 templates/part.settings.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'templates/part.settings.php')

diff --git a/templates/part.settings.php b/templates/part.settings.php
index eaabb33b3..533fafda4 100644
--- a/templates/part.settings.php
+++ b/templates/part.settings.php
@@ -78,6 +78,7 @@
            class="button icon-download svg button-icon-label"
            href="<?php p(\OCP\Util::linkToRoute('news.export.opml')); ?>"
            target="_blank"
+           rel="noreferrer"
            ng-hide="App.isFirstRun()">
         </a>
 
@@ -119,6 +120,7 @@
            class="button icon-download svg button-icon-label"
            href="<?php p(\OCP\Util::linkToRoute('news.export.articles')); ?>"
            target="_blank"
+           rel="noreferrer"
            ng-hide="App.isFirstRun()">
         </a>
         <button
@@ -144,10 +146,12 @@
 
     <p>
         <a target="_blank"
+           rel="noreferrer"
            href="https://github.com/owncloud/news/wiki"><?php p($l->t('Documentation')); ?></a>
     </p>
     <p>
         <a target="_blank"
+           rel="noreferrer"
            href="https://github.com/owncloud/news/issues/new"><?php p($l->t('Report a bug')); ?></a>
     </p>
 
-- 
cgit v1.2.3