From ba2853caac636d2ae596d74561fa0233567242d4 Mon Sep 17 00:00:00 2001
From: Jérémy DECOOL <contact@jdecool.fr>
Date: Sun, 12 Feb 2017 11:01:36 +0100
Subject: Prevent target='_blank' vulnerability on dynamic link

---
 plugins/af_psql_trgm/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/af_psql_trgm/init.php')

diff --git a/plugins/af_psql_trgm/init.php b/plugins/af_psql_trgm/init.php
index 8c92be1ab..542cd720e 100644
--- a/plugins/af_psql_trgm/init.php
+++ b/plugins/af_psql_trgm/init.php
@@ -85,7 +85,7 @@ class Af_Psql_Trgm extends Plugin {
 				style='vertical-align : middle'>";
 
 			$article_link = htmlspecialchars($line["link"]);
-			print " <a target=\"_blank\" href=\"$article_link\">".
+			print " <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$article_link\">".
 				$line["title"]."</a>";
 
 			print " (<a href=\"#\" onclick=\"viewfeed({feed:".$line["feed_id"]."})\">".
-- 
cgit v1.2.3-54-g00ecf