From ba2853caac636d2ae596d74561fa0233567242d4 Mon Sep 17 00:00:00 2001
From: Jérémy DECOOL <contact@jdecool.fr>
Date: Sun, 12 Feb 2017 11:01:36 +0100
Subject: Prevent target='_blank' vulnerability on dynamic link

---
 include/feedbrowser.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'include/feedbrowser.php')

diff --git a/include/feedbrowser.php b/include/feedbrowser.php
index 4772420ab..ec4efe15a 100644
--- a/include/feedbrowser.php
+++ b/include/feedbrowser.php
@@ -59,12 +59,12 @@
 
 				$class = ($feedctr % 2) ? "even" : "odd";
 
-				$site_url = "<a target=\"_blank\"
+				$site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
 
-				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
+				$feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/pub_set.png'
 							style='vertical-align : middle'></a>";
 
@@ -87,12 +87,12 @@
 					$archived = '';
 				}
 
-				$site_url = "<a target=\"_blank\"
+				$site_url = "<a target=\"_blank\" rel=\"noopener noreferrer\"
 							href=\"$site_url\">
 							<span class=\"fb_feedTitle\">".
 				htmlspecialchars($line["title"])."</span></a>";
 
-				$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
+				$feed_url = "<a target=\"_blank\" rel=\"noopener noreferrer\" class=\"fb_feedUrl\"
 							href=\"$feed_url\"><img src='images/pub_set.png'
 							style='vertical-align : middle'></a>";
 
-- 
cgit v1.2.3-54-g00ecf