diff options
| author | Markus Staab <markus.staab@redaxo.de> | 2017-10-19 12:16:04 +0200 |
|---|---|---|
| committer | Markus Staab <markus.staab@redaxo.de> | 2017-10-19 12:16:04 +0200 |
| commit | db34b59238846e5ec046a456b4f76649321571d1 (patch) | |
| tree | 3efe5a2c81888f6440c43ba6450998f6434ba7ea /lib | |
| parent | 8e25df9690a4d953721dcdc8e61038b332774a10 (diff) | |
| download | nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.tar.gz nextcloud-server-db34b59238846e5ec046a456b4f76649321571d1.zip | |
Prevent XSS in links which open a new browser window
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Installer.php | 2 | ||||
| -rw-r--r-- | lib/private/legacy/defaults.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/private/Installer.php b/lib/private/Installer.php index d5082a7fad2..0f7217e0810 100644 --- a/lib/private/Installer.php +++ b/lib/private/Installer.php @@ -548,7 +548,7 @@ class Installer { } catch (TableExistsException $e) { throw new HintException( 'Failed to enable app ' . $app, - 'Please ask for help via one of our <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer">support channels</a>.', + 'Please ask for help via one of our <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer noopener">support channels</a>.', 0, $e ); } diff --git a/lib/private/legacy/defaults.php b/lib/private/legacy/defaults.php index adfbe71377d..d2f639959cf 100644 --- a/lib/private/legacy/defaults.php +++ b/lib/private/legacy/defaults.php @@ -235,7 +235,7 @@ class OC_Defaults { $footer = $this->theme->getShortFooter(); } else { $footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' . - ' rel="noreferrer">' .$this->getEntity() . '</a>'. + ' rel="noreferrer noopener">' .$this->getEntity() . '</a>'. ' – ' . $this->getSlogan(); } |