Add 'rel' attribute to default welcome page. (#5695)

add rel attribute as a precaution against reverse tabnabbing in future
This commit is contained in:
Neil Johnson 2019-07-19 12:03:36 +01:00 committed by Richard van der Hoff
parent b73ce4ba81
commit 5c05ae7ba0
2 changed files with 3 additions and 2 deletions

1
changelog.d/5695.misc Normal file
View file

@ -0,0 +1 @@
Add precautionary measures to prevent future abuse of `window.opener` in default welcome page.

View file

@ -48,13 +48,13 @@
</div> </div>
<h1>It works! Synapse is running</h1> <h1>It works! Synapse is running</h1>
<p>Your Synapse server is listening on this port and is ready for messages.</p> <p>Your Synapse server is listening on this port and is ready for messages.</p>
<p>To use this server you'll need <a href="https://matrix.org/docs/projects/try-matrix-now.html#clients" target="_blank">a Matrix client</a>. <p>To use this server you'll need <a href="https://matrix.org/docs/projects/try-matrix-now.html#clients" target="_blank" rel="noopener noreferrer">a Matrix client</a>.
</p> </p>
<p>Welcome to the Matrix universe :)</p> <p>Welcome to the Matrix universe :)</p>
<hr> <hr>
<p> <p>
<small> <small>
<a href="https://matrix.org" target="_blank"> <a href="https://matrix.org" target="_blank" rel="noopener noreferrer">
matrix.org matrix.org
</a> </a>
</small> </small>