From db34b59238846e5ec046a456b4f76649321571d1 Mon Sep 17 00:00:00 2001
From: Markus Staab <markus.staab@redaxo.de>
Date: Thu, 19 Oct 2017 12:16:04 +0200
Subject: Prevent XSS in links which open a new browser window

---
 apps/theming/tests/ThemingDefaultsTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'apps/theming/tests')

diff --git a/apps/theming/tests/ThemingDefaultsTest.php b/apps/theming/tests/ThemingDefaultsTest.php
index abd85a612c9..6fbf3a2529d 100644
--- a/apps/theming/tests/ThemingDefaultsTest.php
+++ b/apps/theming/tests/ThemingDefaultsTest.php
@@ -217,7 +217,7 @@ class ThemingDefaultsTest extends TestCase {
 				['theming', 'slogan', $this->defaults->getSlogan(), 'Slogan'],
 			]);
 
-		$this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a> – Slogan', $this->template->getShortFooter());
+		$this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a> – Slogan', $this->template->getShortFooter());
 	}
 
 	public function testGetShortFooterEmptySlogan() {
@@ -230,7 +230,7 @@ class ThemingDefaultsTest extends TestCase {
 				['theming', 'slogan', $this->defaults->getSlogan(), ''],
 			]);
 
-		$this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a>', $this->template->getShortFooter());
+		$this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a>', $this->template->getShortFooter());
 	}
 
 	public function testgetColorPrimaryWithDefault() {
-- 
cgit v1.2.3