Bug 1113630: Set window.opener to null for the URL field to prevent interaction between a remote script and the bug report

r=gerv a=glob
author: Frédéric Buclin <LpSolit@gmail.com> 2015-01-05 12:50:21 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2015-01-05 12:50:21 +0100
commit: 26db658179ff62a735c6b45767008603914c63ed (patch)
tree: b0d19536e44054695c2f3f63f403b4d795a199e5 /template/en/default/list
parent: fc6271c7fa4e915319462f9d27a52061ed609739 (diff)
download: bugzilla-26db658179ff62a735c6b45767008603914c63ed.tar.gz
bugzilla-26db658179ff62a735c6b45767008603914c63ed.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl
index fe7678b02..d3abc9b21 100644
--- a/template/en/default/list/table.html.tmpl
+++ b/template/en/default/list/table.html.tmpl
@@ -213,7 +213,7 @@
         [%- bug.$column.truncate(256, '...') FILTER html -%]
       [% ELSIF column == 'bug_file_loc' && is_safe_url(bug.bug_file_loc) %]
         <a href="[% bug.bug_file_loc FILTER html %]" target="_blank"
-           title="[% bug.bug_file_loc FILTER html %]">
+           rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]">
           [%- display_value(column, bug.$column).truncate(col_abbrev.maxlength, col_abbrev.ellipsis) FILTER html -%]
         </a>
       [% ELSE %]
author	Frédéric Buclin <LpSolit@gmail.com>	2015-01-05 12:50:21 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2015-01-05 12:50:21 +0100
commit	26db658179ff62a735c6b45767008603914c63ed (patch)
tree	b0d19536e44054695c2f3f63f403b4d795a199e5 /template/en/default/list
parent	fc6271c7fa4e915319462f9d27a52061ed609739 (diff)
download	bugzilla-26db658179ff62a735c6b45767008603914c63ed.tar.gz bugzilla-26db658179ff62a735c6b45767008603914c63ed.tar.xz