Prevent access via the 'window.opener' object with submitted links

C-Lodder · C-Lodder · commit d9126c03ab00 · 2017-02-28T11:29:39.000Z
diff --git a/changelog.php b/changelog.php
@@ -14,8 +14,8 @@
 - -> Removed
 ! -> Note
 
-WIP
-WIP
+###WIP
+* Prevent access via the 'window.opener' object with submitted links
 ^ Fix smiley being shown multiple times for the same image if there are multiple shortcuts
 
 Version 8.1.11
diff --git a/mod_shoutbox/helper.php b/mod_shoutbox/helper.php
@@ -514,7 +514,7 @@ public function bbcodeFilter($message)
 			'<span class="jj-italic">$1</span>',
 			'<span class="jj-underline">$1</span>',
 			'<a href="#" data-jj-image="http$1://$2" data-jj-image-alt="$3" class="jj-image-modal">$3</a>',
-			'<a href="http$1://$2" target="_blank">$3</a>'
+			'<a href="http$1://$2" target="_blank" rel="nofollow noreferrer">$3</a>'
 		);
 
 		$message = preg_replace($search, $replace, $message);
