summaryrefslogtreecommitdiffstats
path: root/system/helpers/url_helper.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2018-01-31 22:56:21 +0100
committerAndrey Andreev <narf@devilix.net>2018-04-23 13:32:38 +0200
commit4dab9f8db84d5286ef1da9217af9e44771433b2f (patch)
treec7adb1649119d5f62cecf7c17e7da1c945a7dca2 /system/helpers/url_helper.php
parent13265c5aabe5e3fd462a9f89031952b346efee73 (diff)
Merge pull request #5391 from mehdibo/fix/url-helper
Prevent tab hijacking when using the URL helper
Diffstat (limited to 'system/helpers/url_helper.php')
-rw-r--r--system/helpers/url_helper.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 0359ac92c..a22c4c215 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php
@@ -396,7 +396,7 @@ if ( ! function_exists('auto_link'))
if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
{
// Set our target HTML if using popup links.
- $target = ($popup) ? ' target="_blank"' : '';
+ $target = ($popup) ? ' target="_blank" rel="noopener"' : '';
// We process the links in reverse order (last -> first) so that
// the returned string offsets from preg_match_all() are not