Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)

2025-07-30 04:23:11 +03:00 · 2021-05-24 16:17:08 -04:00
parent df0e03cd07
commit 7a6f21648a
7 changed files with 12 additions and 11 deletions
--- a/resources/views/attachments/manager-list.blade.php
+++ b/resources/views/attachments/manager-list.blade.php
@ -7,7 +7,7 @@
             class="card drag-card">
            <div class="handle">@icon('grip')</div>
            <div class="py-s">
-                <a href="{{ $attachment->getUrl() }}" target="_blank">{{ $attachment->name }}</a>
+                <a href="{{ $attachment->getUrl() }}" target="_blank" rel="noopener">{{ $attachment->name }}</a>
            </div>
            <div class="flex-fill justify-flex-end">
                <button component="event-emit-select"