Bug 1113630: Set window.opener to null for the URL field to prevent interaction…

Bug 1113630: Set window.opener to null for the URL field to prevent interaction between a remote script and the bug report r=gerv a=glob

Bug 1113630: Set window.opener to null for the URL field to prevent interaction…
a5758fa2 · Frédéric Buclin · e82a8134 · a5758fa2 · a5758fa2 · a5758fa2
Commit a5758fa2 authored Jan 05, 2015 by Frédéric Buclin
Showing with 5 additions and 4 deletions

edit.html.tmpl template/en/default/bug/edit.html.tmpl +3 -2

show-multiple.html.tmpl template/en/default/bug/show-multiple.html.tmpl +1 -1

table.html.tmpl template/en/default/list/table.html.tmpl +1 -1

No files found.
--- a/template/en/default/bug/edit.html.tmpl
+++ b/template/en/default/bug/edit.html.tmpl
@@ -492,7 +492,7 @@
        <span id="bz_url_edit_container" class="bz_default_hidden"> 
        [% IF is_safe_url(bug.bug_file_loc) %]
           <a href="[% bug.bug_file_loc FILTER html %]" target="_blank"
-              title="[% bug.bug_file_loc FILTER html %]">
+              rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]">
             [% bug.bug_file_loc FILTER truncate(40) FILTER html %]</a>
        [% ELSE %]
          [% bug.bug_file_loc FILTER html %]
@@ -503,7 +503,8 @@
        [% url_output =  PROCESS input no_td=1 inputname => "bug_file_loc" size => "40" colspan => 2 %]
        [% IF NOT bug.check_can_change_field("bug_file_loc", 0, 1)
              AND is_safe_url(bug.bug_file_loc) %]
-          <a href="[% bug.bug_file_loc FILTER html %]">[% url_output FILTER none %]</a>
+          <a href="[% bug.bug_file_loc FILTER html %]"
+             rel="noreferrer">[% url_output FILTER none %]</a>
        [% ELSE %]
          [% url_output FILTER none %]
        [% END %]

--- a/template/en/default/bug/show-multiple.html.tmpl
+++ b/template/en/default/bug/show-multiple.html.tmpl
@@ -148,7 +148,7 @@
        <th>[% field_descs.bug_file_loc FILTER html %]:</th>
        <td colspan="3">
          [% IF is_safe_url(bug.bug_file_loc) %]
-            <a href="[% bug.bug_file_loc FILTER html %]">
+            <a href="[% bug.bug_file_loc FILTER html %]" rel="noreferrer">
                     [% bug.bug_file_loc FILTER html %]</a>
          [% ELSE %]
            [% bug.bug_file_loc FILTER html %]

--- a/template/en/default/list/table.html.tmpl
+++ b/template/en/default/list/table.html.tmpl
@@ -213,7 +213,7 @@
        [%- bug.$column.truncate(256, '...') FILTER html -%]
      [% ELSIF column == 'bug_file_loc' && is_safe_url(bug.bug_file_loc) %]
        <a href="[% bug.bug_file_loc FILTER html %]" target="_blank"
-           title="[% bug.bug_file_loc FILTER html %]">
+           rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]">
          [%- display_value(column, bug.$column).truncate(col_abbrev.maxlength, col_abbrev.ellipsis) FILTER html -%]
        </a>
      [% ELSE %]