aboutsummaryrefslogtreecommitdiffstats
path: root/core/templates
diff options
context:
space:
mode:
authorMarkus Staab <markus.staab@redaxo.de>2017-10-19 12:16:04 +0200
committerMarkus Staab <markus.staab@redaxo.de>2017-10-19 12:16:04 +0200
commitdb34b59238846e5ec046a456b4f76649321571d1 (patch)
tree3efe5a2c81888f6440c43ba6450998f6434ba7ea /core/templates
parent8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
downloadnextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz
nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip
Prevent XSS in links which open a new browser window
Diffstat (limited to 'core/templates')
-rw-r--r--core/templates/installation.php6
-rw-r--r--core/templates/layout.noscript.warning.php2
-rw-r--r--core/templates/update.use-cli.php2
3 files changed, 5 insertions, 5 deletions
diff --git a/core/templates/installation.php b/core/templates/installation.php
index 6a0e3f93857..0d274f0f881 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -30,7 +30,7 @@ script('core', [
<legend><strong><?php p($l->t('Security warning'));?></strong></legend>
<p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br>
<?php print_unescaped($l->t(
- 'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer">documentation</a>.',
+ 'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer noopener">documentation</a>.',
link_to_docs('admin-install')
)); ?></p>
</fieldset>
@@ -84,7 +84,7 @@ script('core', [
<p class="info">
<?php p($l->t( 'Only %s is available.', array($label) )); ?>
<?php p($l->t( 'Install and activate additional PHP modules to choose other database types.' )); ?><br>
- <a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer">
+ <a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer noopener">
<?php p($l->t( 'For more details check out the documentation.' )); ?> ↗</a>
</p>
<input type="hidden" id="dbtype" name="dbtype" value="<?php p($type) ?>">
@@ -166,6 +166,6 @@ script('core', [
<p class="info">
<span class="icon-info-white"></span>
<?php p($l->t('Need help?'));?>
- <a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a>
+ <a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a>
</p>
</form>
diff --git a/core/templates/layout.noscript.warning.php b/core/templates/layout.noscript.warning.php
index c7776bd33c4..7d7a32bfbf4 100644
--- a/core/templates/layout.noscript.warning.php
+++ b/core/templates/layout.noscript.warning.php
@@ -3,7 +3,7 @@
<div>
<?php print_unescaped(str_replace(
['{linkstart}', '{linkend}'],
- ['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer">', '</a>'],
+ ['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">', '</a>'],
$l->t('This application requires JavaScript for correct operation. Please {linkstart}enable JavaScript{linkend} and reload the page.')
)); ?>
</div>
diff --git a/core/templates/update.use-cli.php b/core/templates/update.use-cli.php
index d30e15c8573..06d7e284907 100644
--- a/core/templates/update.use-cli.php
+++ b/core/templates/update.use-cli.php
@@ -8,7 +8,7 @@
p($l->t('Please use the command line updater because automatic updating is disabled in the config.php.'));
} ?><br><br>
<?php
- print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
+ print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer noopener" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
</div>
</div>