diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2017-11-08 18:55:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-08 18:55:35 +0100 |
| commit | 8c915baa3438c26454b7614ea03d4dadabcda5d5 (patch) | |
| tree | 9b800f157cae8c4cd841fdf8e757c3779300224d /apps/theming | |
| parent | d948626736e65051dfe1affc562710bfedf2eb4a (diff) | |
| parent | db34b59238846e5ec046a456b4f76649321571d1 (diff) | |
| download | nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.tar.gz nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.zip | |
Merge pull request #6788 from staabm/master
Prevent XSS in links which open a new browser window
Diffstat (limited to 'apps/theming')
| -rw-r--r-- | apps/theming/lib/ThemingDefaults.php | 2 | ||||
| -rw-r--r-- | apps/theming/tests/ThemingDefaultsTest.php | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/apps/theming/lib/ThemingDefaults.php b/apps/theming/lib/ThemingDefaults.php index 3d756bdffc8..eb1051b13c8 100644 --- a/apps/theming/lib/ThemingDefaults.php +++ b/apps/theming/lib/ThemingDefaults.php @@ -145,7 +145,7 @@ class ThemingDefaults extends \OC_Defaults { public function getShortFooter() { $slogan = $this->getSlogan(); $footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' . - ' rel="noreferrer">' .$this->getEntity() . '</a>'. + ' rel="noreferrer noopener">' .$this->getEntity() . '</a>'. ($slogan !== '' ? ' – ' . $slogan : ''); return $footer; diff --git a/apps/theming/tests/ThemingDefaultsTest.php b/apps/theming/tests/ThemingDefaultsTest.php index 1bc4dfc69dc..52bf88e51dd 100644 --- a/apps/theming/tests/ThemingDefaultsTest.php +++ b/apps/theming/tests/ThemingDefaultsTest.php @@ -223,7 +223,7 @@ class ThemingDefaultsTest extends TestCase { ['theming', 'slogan', $this->defaults->getSlogan(), 'Slogan'], ]); - $this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a> – Slogan', $this->template->getShortFooter()); + $this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a> – Slogan', $this->template->getShortFooter()); } public function testGetShortFooterEmptySlogan() { @@ -236,7 +236,7 @@ class ThemingDefaultsTest extends TestCase { ['theming', 'slogan', $this->defaults->getSlogan(), ''], ]); - $this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a>', $this->template->getShortFooter()); + $this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a>', $this->template->getShortFooter()); } public function testgetColorPrimaryWithDefault() { |