Prevent XSS in links which open a new browser window

author: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
committer: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
commit: db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree: 3efe5a2c81888f6440c43ba6450998f6434ba7ea /core/templates/layout.noscript.warning.php
parent: 8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download: nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz
nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/core/templates/layout.noscript.warning.php b/core/templates/layout.noscript.warning.php
index c7776bd33c4..7d7a32bfbf4 100644
--- a/core/templates/layout.noscript.warning.php
+++ b/core/templates/layout.noscript.warning.php
@@ -3,7 +3,7 @@
 		<div>
 			<?php print_unescaped(str_replace(
 					['{linkstart}', '{linkend}'],
-					['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer">', '</a>'],
+					['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">', '</a>'],
 					$l->t('This application requires JavaScript for correct operation. Please {linkstart}enable JavaScript{linkend} and reload the page.')
 				)); ?>
 		</div>
author	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
committer	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
commit	db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree	3efe5a2c81888f6440c43ba6450998f6434ba7ea /core/templates/layout.noscript.warning.php
parent	8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download	nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip