From be86595c1a0e2760d8a819353d550c5f66ff8147 Mon Sep 17 00:00:00 2001 From: pascal-meunier Date: Thu, 8 Apr 2021 11:15:37 -0400 Subject: [PATCH] Update fileselector.js Added "noopener,noreferrer" to _blank targets in window.open JavaScript calls https://developer.mozilla.org/en-US/docs/Web/API/Window/open#window_functionality_features --- core/plugins/projects/files/assets/js/fileselector.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/plugins/projects/files/assets/js/fileselector.js b/core/plugins/projects/files/assets/js/fileselector.js index bc0da003633..3f0b11ca120 100644 --- a/core/plugins/projects/files/assets/js/fileselector.js +++ b/core/plugins/projects/files/assets/js/fileselector.js @@ -77,7 +77,7 @@ HUB.ProjectFilesFileSelect = { // We're going to assume we get here because the user isn't authorized to the remote client // Open up a new window to handle the oauth transaction url += '&return=' + encodeURI(window.location.origin); - var auth = window.open(url, "_blank", "toolbar=no, scrollbars=no, resizable=no, width=500, height=600"); + var auth = window.open(url, "_blank", "noopener, noreferrer, toolbar=no, scrollbars=no, resizable=no, width=500, height=600"); // Remove the loader and recollapse the folder target.next('.content-loader-slim').remove();