Prevent XSS in links which open a new browser window

author: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
committer: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
commit: db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree: 3efe5a2c81888f6440c43ba6450998f6434ba7ea /apps/files/templates
parent: 8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download: nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz
nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files/templates/appnavigation.php b/apps/files/templates/appnavigation.php
index 6a7b4e4b11e..f3bf0334b55 100644
--- a/apps/files/templates/appnavigation.php
+++ b/apps/files/templates/appnavigation.php
@@ -42,7 +42,7 @@
 			</div>
 			<label for="webdavurl"><?php p($l->t('WebDAV'));?></label>
 			<input id="webdavurl" type="text" readonly="readonly" value="<?php p(\OCP\Util::linkToRemote('webdav')); ?>" />
-			<em><?php print_unescaped($l->t('Use this address to <a href="%s" target="_blank" rel="noreferrer">access your Files via WebDAV</a>', array(link_to_docs('user-webdav'))));?></em>
+			<em><?php print_unescaped($l->t('Use this address to <a href="%s" target="_blank" rel="noreferrer noopener">access your Files via WebDAV</a>', array(link_to_docs('user-webdav'))));?></em>
 		</div>
 	</div>
 </div>
author	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
committer	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
commit	db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree	3efe5a2c81888f6440c43ba6450998f6434ba7ea /apps/files/templates
parent	8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download	nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip