Merge pull request #6788 from staabm/master

Prevent XSS in links which open a new browser window
author: Lukas Reschke <lukas@statuscode.ch> 2017-11-08 18:55:35 +0100
committer: GitHub <noreply@github.com> 2017-11-08 18:55:35 +0100
commit: 8c915baa3438c26454b7614ea03d4dadabcda5d5 (patch)
tree: 9b800f157cae8c4cd841fdf8e757c3779300224d /apps/workflowengine
parent: d948626736e65051dfe1affc562710bfedf2eb4a (diff)
parent: db34b59238846e5ec046a456b4f76649321571d1 (diff)
download: nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.tar.gz
nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/workflowengine/templates/admin.php b/apps/workflowengine/templates/admin.php
index 4f4dab4043f..e9873f8f289 100644
--- a/apps/workflowengine/templates/admin.php
+++ b/apps/workflowengine/templates/admin.php
@@ -25,7 +25,7 @@
 <div id="<?php p($_['appid']); ?>" class="section workflowengine">
 	<h2 class="inlineblock"><?php p($_['heading']); ?></h2>
 	<?php if (!empty($_['docs'])): ?>
-		<a target="_blank" rel="noreferrer" class="icon-info svg"
+		<a target="_blank" rel="noreferrer noopener" class="icon-info svg"
 		   title="<?php p($l->t('Open documentation'));?>"
 		   href="<?php p(link_to_docs($_['docs'])); ?>">
 		</a>
author	Lukas Reschke <lukas@statuscode.ch>	2017-11-08 18:55:35 +0100
committer	GitHub <noreply@github.com>	2017-11-08 18:55:35 +0100
commit	8c915baa3438c26454b7614ea03d4dadabcda5d5 (patch)
tree	9b800f157cae8c4cd841fdf8e757c3779300224d /apps/workflowengine
parent	d948626736e65051dfe1affc562710bfedf2eb4a (diff)
parent	db34b59238846e5ec046a456b4f76649321571d1 (diff)
download	nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.tar.gz nextcloud-server-8c915baa3438c26454b7614ea03d4dadabcda5d5.zip