diff options
author | Andrey Andreev <narf@devilix.net> | 2018-01-31 22:56:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-31 22:56:21 +0100 |
commit | b37902586b10bdbd7a34480950098800ddf4b120 (patch) | |
tree | 51b9382a7b6a07ffc795b7bff72e18610fe10979 | |
parent | 6545f8595480ab64220aacc8a5176383dac4122b (diff) | |
parent | 459eaa897191cceb674820a6a9e2630f7ca1350f (diff) |
Merge pull request #5391 from mehdibo/fix/url-helper
Prevent tab hijacking when using the URL helper
-rw-r--r-- | system/helpers/url_helper.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php index e5d2d372f..3eb2cb0b0 100644 --- a/system/helpers/url_helper.php +++ b/system/helpers/url_helper.php @@ -396,7 +396,7 @@ if ( ! function_exists('auto_link')) if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER)) { // Set our target HTML if using popup links. - $target = ($popup) ? ' target="_blank"' : ''; + $target = ($popup) ? ' target="_blank" rel="noopener"' : ''; // We process the links in reverse order (last -> first) so that // the returned string offsets from preg_match_all() are not |