git.wh0rd.org Git - tt-rss.git/commit

]> git.wh0rd.org Git - tt-rss.git/commit

author	Andrew Dolgov <cthulhoo@gmail.com>
	Sun, 12 Feb 2017 11:19:37 +0000 (14:19 +0300)
committer	Andrew Dolgov <cthulhoo@gmail.com>
	Sun, 12 Feb 2017 11:19:37 +0000 (14:19 +0300)
commit	3891782cf5fc20dc70e17c8665866aef6392233e
tree	9e46eabafcddd2e76cd0c8fc4c1498d0b1858757	tree \| snapshot
parent	2187322caee25756d28983f069e291612023c6dc	commit \| diff
parent	ba2853caac636d2ae596d74561fa0233567242d4	commit \| diff

Merge branch 'fix-target-blank-vulnerability' into 'master'

Prevent target='_blank' vulnerability on dynamic link

This merge request refere to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048

It fix the issue I enconter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.

See merge request !46

web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/

RSS Atom