Added rel=noopener to target=_blank links to prevent window.opener spoof.

2026-01-06 02:09:33 +00:00 · 2019-11-01 23:49:46 +01:00 · 2019-11-01 23:49:46 +01:00 · 9b481323aa
commit 9b481323aa
parent 7a5a2f65f9
7 changed files with 10 additions and 10 deletions
--- a/templates/Parts/info/_order_infos.html.twig
+++ b/templates/Parts/info/_order_infos.html.twig
@ -15,7 +15,7 @@
                    <a href="{{ order.supplier | entityURL('list_parts') }}">{{ order.supplier.name }}</a>
                </td>
                <td>{% if order.supplierProductUrl is not empty %}
-                        <a href="{{ order.supplierProductUrl }}" target="_blank" class="link-external">{{ order.supplierPartNr }}</a>
+                        <a href="{{ order.supplierProductUrl }}" rel="noopener" target="_blank" class="link-external">{{ order.supplierPartNr }}</a>
                    {% else %}
                        {{ order.supplierPartNr }}
                    {% endif %}