Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)
[bookstack] / resources / views / components / image-manager-form.blade.php
index e49a5fca723f8c96fbc1182856b4dae676ac15a8..6d62552266945fc7d27579cab7044a835289907f 100644 (file)
@@ -7,7 +7,7 @@
           option:ajax-form:url="{{ url('images/' . $image->id) }}">
 
         <div class="image-manager-viewer">
-            <a href="{{ $image->url }}" target="_blank" class="block">
+            <a href="{{ $image->url }}" target="_blank" rel="noopener" class="block">
                 <img src="{{ $image->thumbs['display'] }}"
                      alt="{{ $image->name }}"
                      class="anim fadeIn"
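Review bot: `rel="noopener"` on the image link in the first hunk only protects browsers that implement `noopener`; older ones ignore it and the opened tab keeps `window.opener`, whereas `noreferrer` is honoured more widely and implies the same isolation. `$image->url` may also resolve to a storage host outside the application (not visible from this hunk), in which case `noreferrer` would keep the editor page's URL out of the Referer header sent there. I would write `rel="noopener noreferrer"` here, and use the same value on the `$page->url` link in the second hunk for consistency. The `<img>` element opened in this hunk continues past its last line.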
@@ -40,6 +40,7 @@
                     <li>
                         <a href="{{ $page->url }}"
                            target="_blank"
+                           rel="noopener"
                            class="text-neg">{{ $page->name }}</a>
                     </li>
                 @endforeach