dépôts / lhc / web / wiklou.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a00ddb) | patch
Add rel="noreferrer noopener" when target attribute would open window
authorBrian Wolff <bawolff+wn@gmail.com>
Mon, 25 Apr 2016 18:08:46 +0000 (14:08 -0400)
committerChad Horohoe <chadh@wikimedia.org>
Fri, 20 May 2016 16:49:41 +0000 (09:49 -0700)
commit13ece3550e4935865a410009e060b4f4b036f949
treed5725d461392cb305dd66094a162e47f2408c103tree | snapshot
parent8a00ddbf357831129b6565d0e0f7858f3514b582commit | diff
Add rel="noreferrer noopener" when target attribute would open window

noreferrer is used as support for noopener is very limited.
This is to prevent the attack detailed at
https://mathiasbynens.github.io/rel-noopener/ where you can
navigate the parent window, even if the new window is a cross-origin.

Bug: T133507
Change-Id: I6e4ab938861e246ff44048077b94847e303f1859

Signed-off-by: Chad Horohoe <chadh@wikimedia.org>
includes/DefaultSettings.php diff | blob | history
includes/Linker.php diff | blob | history
includes/parser/Parser.php diff | blob | history
tests/parser/parserTests.txt diff | blob | history
Wiklou, le Wiki du Wiklou