Prevent XSS in links which open a new browser window

author: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
committer: Markus Staab <markus.staab@redaxo.de> 2017-10-19 12:16:04 +0200
commit: db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree: 3efe5a2c81888f6440c43ba6450998f6434ba7ea /lib/private/legacy/defaults.php
parent: 8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download: nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz
nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/legacy/defaults.php b/lib/private/legacy/defaults.php
index adfbe71377d..d2f639959cf 100644
--- a/lib/private/legacy/defaults.php
+++ b/lib/private/legacy/defaults.php
@@ -235,7 +235,7 @@ class OC_Defaults {
 			$footer = $this->theme->getShortFooter();
 		} else {
 			$footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' .
-				' rel="noreferrer">' .$this->getEntity() . '</a>'.
+				' rel="noreferrer noopener">' .$this->getEntity() . '</a>'.
 				' – ' . $this->getSlogan();
 		}
author	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
committer	Markus Staab <markus.staab@redaxo.de>	2017-10-19 12:16:04 +0200
commit	db34b59238846e5ec046a456b4f76649321571d1 (patch)
tree	3efe5a2c81888f6440c43ba6450998f6434ba7ea /lib/private/legacy/defaults.php
parent	8e25df9690a4d953721dcdc8e61038b332774a10 (diff)
download	nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip