Added rel=noopener to target=_blank links to prevent window.opener spoof.

Jan Böhmer 2019-11-01 23:49:46 +01:00
parent 7a5a2f65f9
commit 9b481323aa
7 changed files with 10 additions and 10 deletions


@ -36,7 +36,7 @@
{% macro attachment_icon(attachment, attachment_helper, class = "fa-fw fas fa-3x", link = true) %}
{% if not attachment_helper or attachment_helper.fileExisting(attachment) %}
<a target="_blank" data-no-ajax href="{% if link %}{{ attachment|entityURL('file_view') }}{% endif %}">
<a target="_blank" data-no-ajax rel="noopener" href="{% if link %}{{ attachment|entityURL('file_view') }}{% endif %}">
{% if attachment.picture %}
<img class="hoverpic" src="{{ attachment|entityURL('file_view') }}">
{% else %}