Merge pull request #6788 from staabm/master

Prevent XSS in links which open a new browser window

2 files changed, 2 insertions, 2 deletions

diff --git a/apps/user_ldap/templates/part.settingcontrols.php b/apps/user_ldap/templates/part.settingcontrols.php
index 3f7a53dd4dc..a418885f47e 100644
--- a/apps/user_ldap/templates/part.settingcontrols.php
+++ b/apps/user_ldap/templates/part.settingcontrols.php
@@ -3,7 +3,7 @@
 		<?php p($l->t('Test Configuration'));?>
 	</button>
 	<a href="<?php p(link_to_docs('admin-ldap')); ?>"
-		target="_blank" rel="noreferrer">
+		target="_blank" rel="noreferrer noopener">
 		<img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>"
 			style="height:1.75ex" />
 		<?php p($l->t('Help'));?>
diff --git a/apps/user_ldap/templates/part.wizardcontrols.php b/apps/user_ldap/templates/part.wizardcontrols.php
index 2df1fd8d83f..89eb96827e6 100644
--- a/apps/user_ldap/templates/part.wizardcontrols.php
+++ b/apps/user_ldap/templates/part.wizardcontrols.php
@@ -9,7 +9,7 @@
 		<?php p($l->t('Continue'));?>
 	</button>
 	<a href="<?php p(link_to_docs('admin-ldap')); ?>"
-		target="_blank" rel="noreferrer">
+		target="_blank" rel="noreferrer noopener">
 		<img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>"
 			style="height:1.75ex" />
 		<span class="ldap_grey"><?php p($l->t('Help'));?></span>