Fix to window.opener vulnerability in external referral site links

author qssam <Sam.Webb@quiet-storm.net>

Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)

committer qssam <Sam.Webb@quiet-storm.net>

Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)
author qssam <Sam.Webb@quiet-storm.net>
Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)
committer qssam <Sam.Webb@quiet-storm.net>
Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)
diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl

index 75f0ed958a1d112ea12f75bd1efccaa5e1234811..8bde5c035933ebe1e9ac8c05f24c8981956f357e 100755 (executable)
--- a/wwwroot/cgi-bin/awstats.pl
+++ b/wwwroot/cgi-bin/awstats.pl
@@ -8892,7 +8892,7 @@ sub HTMLShowURLInfo {
                         {    # URL seems to be extracted from a proxy log file
                                 print "<a href=\""
                                   . XMLEncode("$newkey")
-                                 . "\" target=\"url\" rel=\"nofollow\">"
+                                 . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
                                   . XMLEncode($nompage) . "</a>";
                         }
                         elsif ( $newkey =~ /^\// )
@@ -8907,7 +8907,7 @@ sub HTMLShowURLInfo {
                                 }
                                 print "<a href=\""
                                   . XMLEncode("$urlprot://$SiteDomain$newkey")
-                                 . "\" target=\"url\" rel=\"nofollow\">"
+                                 . "\" target=\"url\" rel=\"nofollow noopener noreferrer\">"
                                   . XMLEncode($nompage) . "</a>";
                         }
                         else {
author	qssam <Sam.Webb@quiet-storm.net>
	Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)
committer	qssam <Sam.Webb@quiet-storm.net>
	Tue, 7 Feb 2017 16:49:10 +0000 (16:49 +0000)