Added rel attribute to auto_link()

Fixed security issue: allowing the target page to take control of the original page Details about the issue here: https://mathiasbynens.github.io/rel-noopener/
author: Mehdi Bounya <5004111+mehdibo@users.noreply.github.com> 2018-01-28 20:29:29 +0100
committer: GitHub <noreply@github.com> 2018-01-28 20:29:29 +0100
commit: 459eaa897191cceb674820a6a9e2630f7ca1350f (patch)
tree: 51b9382a7b6a07ffc795b7bff72e18610fe10979
parent: 6545f8595480ab64220aacc8a5176383dac4122b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index e5d2d372f..3eb2cb0b0 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
 		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 		{
 			// Set our target HTML if using popup links.
-			$target = ($popup) ? ' target="_blank"' : '';
+			$target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 			// We process the links in reverse order (last -> first) so that
 			// the returned string offsets from preg_match_all() are not
author	Mehdi Bounya <5004111+mehdibo@users.noreply.github.com>	2018-01-28 20:29:29 +0100
committer	GitHub <noreply@github.com>	2018-01-28 20:29:29 +0100
commit	459eaa897191cceb674820a6a9e2630f7ca1350f (patch)
tree	51b9382a7b6a07ffc795b7bff72e18610fe10979
parent	6545f8595480ab64220aacc8a5176383dac4122b (diff)