author | Markus Staab <markus.staab@redaxo.de> | 2017-10-19 12:16:04 +0200 |
---|---|---|
committer | Markus Staab <markus.staab@redaxo.de> | 2017-10-19 12:16:04 +0200 |
commit | db34b59238846e5ec046a456b4f76649321571d1 (patch) | |
tree | 3efe5a2c81888f6440c43ba6450998f6434ba7ea /core/templates | |
parent | 8e25df9690a4d953721dcdc8e61038b332774a10 (diff) | |
download | nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip |
Prevent XSS in links which open a new browser window
Diffstat (limited to 'core/templates')
-rw-r--r-- | core/templates/installation.php | 6 | ||||
-rw-r--r-- | core/templates/layout.noscript.warning.php | 2 | ||||
-rw-r--r-- | core/templates/update.use-cli.php | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 6a0e3f93857..0d274f0f881 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -30,7 +30,7 @@ script('core', [
 <legend><strong><?php p($l->t('Security warning'));?></strong></legend> <p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br> <?php print_unescaped($l->t(
- 'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer">documentation</a>.',
+ 'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer noopener">documentation</a>.',
 link_to_docs('admin-install') )); ?></p> </fieldset>
@@ -84,7 +84,7 @@ script('core', [
 <p class="info"> <?php p($l->t( 'Only %s is available.', array($label) )); ?> <?php p($l->t( 'Install and activate additional PHP modules to choose other database types.' )); ?><br>
- <a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer">
+ <a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer noopener">
 <?php p($l->t( 'For more details check out the documentation.' )); ?> ↗</a> </p> <input type="hidden" id="dbtype" name="dbtype" value="<?php p($type) ?>">
@@ -166,6 +166,6 @@ script('core', [
 <p class="info"> <span class="icon-info-white"></span> <?php p($l->t('Need help?'));?>
- <a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a>
+ <a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a>
 </p> </form>
diff --git a/core/templates/layout.noscript.warning.php b/core/templates/layout.noscript.warning.php
index c7776bd33c4..7d7a32bfbf4 100644
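Review bot: In the first hunk the whole anchor tag, including the `rel` value being changed, sits inside the string handed to `$l->t()` and is then emitted with `print_unescaped()`, so the attribute is only as reliable as each translation of that string. The noscript template touched by this same commit keeps the tag in the template with `['{linkstart}', '{linkend}']` and `str_replace`, which leaves `rel="noreferrer noopener"` and the `href` under the template's control; using that pattern here would also mean a later attribute change does not alter the translatable text. The same applies to the `print_unescaped($l->t('For help, see the <a ...', ...))` line in update.use-cli.php. The surrounding fieldset begins outside the hunk.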
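Review bot: The `href` on the changed line of the second hunk is written with `print_unescaped(link_to_docs('admin-source_install'))`, while the help link in the third hunk of this file writes the same kind of value with `p(link_to_docs('admin-install'))`. Inside an attribute the escaping helper is the safer default, and nothing visible in the hunk needs raw output, so I would write `<a href="<?php p(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer noopener">`. What `link_to_docs()` returns is not shown here, so this is a consistency and defence-in-depth point rather than a demonstrated flaw.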
--- a/core/templates/layout.noscript.warning.php
+++ b/core/templates/layout.noscript.warning.php
@@ -3,7 +3,7 @@ <div> <?php print_unescaped(str_replace( ['{linkstart}', '{linkend}'],
- ['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer">', '</a>'],
+ ['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">', '</a>'],
 $l->t('This application requires JavaScript for correct operation. Please {linkstart}enable JavaScript{linkend} and reload the page.') )); ?> </div>
diff --git a/core/templates/update.use-cli.php b/core/templates/update.use-cli.php
index d30e15c8573..06d7e284907 100644
--- a/core/templates/update.use-cli.php
+++ b/core/templates/update.use-cli.php
@@ -8,7 +8,7 @@ p($l->t('Please use the command line updater because automatic updating is disabled in the config.php.')); } ?><br><br> <?php
- print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
+ print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer noopener" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
 </div> </div> |