add some protection against opener attacks if external site is opened via window...

[tt-rss.git] / js / viewfeed.js

diff --git a/js/viewfeed.js b/js/viewfeed.js
index 1f597e226073f952ed13d6e31f0d7ec9f5a12d13..dfbf8bced9a22438009ad372ee8807a9fcfa9038 100755 (executable)
--- a/js/viewfeed.js
+++ b/js/viewfeed.js
@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
 
 function openArticleInNewWindow(id) {
        toggleUnread(id, 0, false);
-       window.open("backend.php?op=article&method=redirect&id=" + id);
+
+       var w = window.open("");
+       w.opener = null;
+       w.location = "backend.php?op=article&method=redirect&id=" + id;
 }
 
 function isCdmMode() {