Commit 829d478f authored by Andrew Dolgov's avatar Andrew Dolgov

add some protection against opener attacks if external site is opened via window.open()

parent 23c8ef7e
......@@ -1957,7 +1957,7 @@
# $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
# $filename . " (" . $ctype . ")" . "</a>";
$entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
$entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
array_push($entries_html, $entry);
......@@ -2038,7 +2038,7 @@
else
$filename = "";
$rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
$rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
};
......
......@@ -2064,9 +2064,17 @@ function getSelectionText() {
return text.stripTags();
}
function openUrlPopup(url) {
var w = window.open("");
w.opener = null;
w.location = url;
}
function openArticlePopup(id) {
window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id +
"&csrf_token=" + getInitParam("csrf_token"),
var w = window.open("",
"ttrss_article_popup",
"height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no");
w.opener = null;
w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token");
}
\ No newline at end of file
......@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
function openArticleInNewWindow(id) {
toggleUnread(id, 0, false);
window.open("backend.php?op=article&method=redirect&id=" + id);
var w = window.open("");
w.opener = null;
w.location = "backend.php?op=article&method=redirect&id=" + id;
}
function isCdmMode() {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment