diff options
author | Neil Johnson <neil@matrix.org> | 2019-07-19 12:03:36 +0100 |
---|---|---|
committer | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-07-19 12:03:36 +0100 |
commit | 5c05ae7ba0c7ec97b84d55efdbc91446361bf9e1 (patch) | |
tree | d9a8cbf4380d11caac6e66af0d46250464fa8bd1 | |
parent | Update the coding style doc (#5719) (diff) | |
download | synapse-5c05ae7ba0c7ec97b84d55efdbc91446361bf9e1.tar.xz |
Add 'rel' attribute to default welcome page. (#5695)
add rel attribute as a precaution against reverse tabnabbing in future
-rw-r--r-- | changelog.d/5695.misc | 1 | ||||
-rw-r--r-- | synapse/static/index.html | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/changelog.d/5695.misc b/changelog.d/5695.misc new file mode 100644 index 0000000000..4741d32e25 --- /dev/null +++ b/changelog.d/5695.misc @@ -0,0 +1 @@ +Add precautionary measures to prevent future abuse of `window.opener` in default welcome page. diff --git a/synapse/static/index.html b/synapse/static/index.html index d3f1c7dce0..bf46df9097 100644 --- a/synapse/static/index.html +++ b/synapse/static/index.html @@ -48,13 +48,13 @@ </div> <h1>It works! Synapse is running</h1> <p>Your Synapse server is listening on this port and is ready for messages.</p> - <p>To use this server you'll need <a href="https://matrix.org/docs/projects/try-matrix-now.html#clients" target="_blank">a Matrix client</a>. + <p>To use this server you'll need <a href="https://matrix.org/docs/projects/try-matrix-now.html#clients" target="_blank" rel="noopener noreferrer">a Matrix client</a>. </p> <p>Welcome to the Matrix universe :)</p> <hr> <p> <small> - <a href="https://matrix.org" target="_blank"> + <a href="https://matrix.org" target="_blank" rel="noopener noreferrer"> matrix.org </a> </small> |