Bug 1113630: Set window.opener to null for the URL field to prevent interaction between a remote script and the bug report

author: Frédéric Buclin <LpSolit@gmail.com> 2015-01-05 05:40:22 +0100
committer: Byron Jones <glob@mozilla.com> 2015-01-05 05:40:22 +0100
commit: b78ed6c10802fa83bc6eb70729a562866ad8f4c7 (patch)
tree: b7b7efdc88b5f328d51f9cc85f05476ec0784db9 /extensions/InlineHistory/template
parent: 66a9fc93e06ac364194a86c7269b662e1e227c60 (diff)
download: bugzilla-b78ed6c10802fa83bc6eb70729a562866ad8f4c7.tar.gz
bugzilla-b78ed6c10802fa83bc6eb70729a562866ad8f4c7.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
index d75c69f78..d9871e43f 100644
--- a/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
+++ b/extensions/InlineHistory/template/en/default/hook/bug/comments-aftercomments.html.tmpl
@@ -137,7 +137,7 @@
   [% ELSIF change.buglist %]
     [% value FILTER bug_list_link FILTER js %]
   [% ELSIF change.fieldname == 'bug_file_loc' %]
-    [%~%]<a href="[% value FILTER html FILTER js %]" target="_blank"
+    [%~%]<a href="[% value FILTER html FILTER js %]" target="_blank" rel="noreferrer"
       [%~ ' onclick="return inline_history.confirmUnsafeUrl(this.href)"'
           UNLESS is_safe_url(value) %]>
     [%~%][% value FILTER ih_short_value FILTER html FILTER js %]</a>
author	Frédéric Buclin <LpSolit@gmail.com>	2015-01-05 05:40:22 +0100
committer	Byron Jones <glob@mozilla.com>	2015-01-05 05:40:22 +0100
commit	b78ed6c10802fa83bc6eb70729a562866ad8f4c7 (patch)
tree	b7b7efdc88b5f328d51f9cc85f05476ec0784db9 /extensions/InlineHistory/template
parent	66a9fc93e06ac364194a86c7269b662e1e227c60 (diff)
download	bugzilla-b78ed6c10802fa83bc6eb70729a562866ad8f4c7.tar.gz bugzilla-b78ed6c10802fa83bc6eb70729a562866ad8f4c7.tar.xz