]> BookStack Code Mirror - bookstack/blobdiff - resources/views/components/page-picker.blade.php
projects / bookstack / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)
[bookstack] / resources / views / components / page-picker.blade.php
diff --git a/resources/views/components/page-picker.blade.php b/resources/views/components/page-picker.blade.php
index c59615d92a30a38fbb0aa66feba92d5a56c0ad1f..0df42e3cef9993f12c7552881a44a76ebbfbcb03 100644 (file)
--- a/resources/views/components/page-picker.blade.php
+++ b/resources/views/components/page-picker.blade.php
@@ -3,7 +3,7 @@
 <div page-picker>
     <div class="input-base">
         <span @if($value) style="display: none" @endif page-picker-default class="text-muted italic">{{ $placeholder }}</span>
-        <a @if(!$value) style="display: none" @endif href="{{ url('/link/' . $value) }}" target="_blank" class="text-page" page-picker-display>#{{$value}}, {{$value ? \BookStack\Entities\Models\Page::find($value)->name : '' }}</a>
+        <a @if(!$value) style="display: none" @endif href="{{ url('/link/' . $value) }}" target="_blank" rel="noopener" class="text-page" page-picker-display>#{{$value}}, {{$value ? \BookStack\Entities\Models\Page::find($value)->name : '' }}</a>
     </div>
     <br>
     <input type="hidden" value="{{$value}}" name="{{$name}}" id="{{$name}}">
The core source code for the BookStack project.