Changeset 3600:f9ab70453f48

Timestamp:

11/13/17 11:35:59 (8 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Fix target="blank" vulnerability, thanks DaScritch? for report

File:

• plugins/simpleMenu/_public.php (modified) (4 diffs)

plugins/simpleMenu/_public.php

@@ -102 +102 @@
 
                     $targetBlank = ((isset($m['targetBlank'])) && ($m['targetBlank']))? true:false;
-                    
+
                     # Active item test
                     $active = false;
@@ -112 +112 @@
                     }
                     $title = $span = '';
-                    
+
                     if ($m['descr']) {
                          if (($description == 'title' || $description == 'both') && $targetBlank) {
@@ -124 +124 @@
                          }
                     }
-                    
+
                     if( empty($title) && $targetBlank){
                          $title = ' title="'.__("the link will open a new window").'"';
                     }
-                              
+
                     $label = html::escapeHTML(__($m['label']));
 
@@ -150 +150 @@
                               '">'.
                               '<a href="'.$href.'"'.$item['title'].
-                              (($targetBlank) ? 'target="_blank"': '').'>'.
+                              (($targetBlank) ? 'target="_blank" rel="noopener noreferrer"': '').'>'.
                               '<span class="simple-menu-label">'.$item['label'].'</span>'.
                               $item['span'].'</a>'.