]> git.wh0rd.org - tt-rss.git/blobdiff - plugins/share/init.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Prevent target='_blank' vulnerability on dynamic link
[tt-rss.git] / plugins / share / init.php
diff --git a/plugins/share/init.php b/plugins/share/init.php
index 0f8f8fec12633165d68d612f5e9fa97cc04c8161..a028c057b4630ce607552fc42c6407012eb22454 100644 (file)
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -100,7 +100,7 @@ class Share extends Plugin {
                        $url_path .= "/public.php?op=share&key=$uuid";
 
                        print "<div class=\"tagCloudContainer\">";
-                       print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+                       print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
                        print "</div>";
 
                        /* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/