blob: b899ab5b195b63d5998851ebf47de6fb692dbd35 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
From b421096d5596f1c6ade078fa0b1103deefc3a5ed Mon Sep 17 00:00:00 2001
From: qssam <Sam.Webb@quiet-storm.net>
Date: Tue, 7 Feb 2017 16:49:10 +0000
Subject: [PATCH] Fix to window.opener vulnerability in external referral site
links
Reference: https://mathiasbynens.github.io/rel-noopener/
---
wwwroot/cgi-bin/awstats.pl | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
index 75f0ed95..8bde5c03 100755
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo {
{ # URL seems to be extracted from a proxy log file
print "<a href=\""
. XMLEncode("$newkey")
- . "\" target=\"url\" rel=\"nofollow\">"
+ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
. XMLEncode($nompage) . "</a>";
}
elsif ( $newkey =~ /^\// )
@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo {
}
print "<a href=\""
. XMLEncode("$urlprot://$SiteDomain$newkey")
- . "\" target=\"url\" rel=\"nofollow\">"
+ . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
. XMLEncode($nompage) . "</a>";
}
else {
--
2.15.1
|