This thread is over two years old and may be outdated. Please create a new thread if you need help, or email us if you have an active Premium license.

Widget image security problem no rel=”noopener” tag

Open 3 replies bug-reportpluginplugin-widgets-bundle
mike31
8 years ago · Last reply by mike31 8 years ago

Hi,

I use last version of Siteorigin and Widget Siteorigin Image too.
I find a security problem in your widget image because and we check ‘Open in new window’, the generated HTML has target=’_blank’ but not rel=”noopener” which fix a security vulnability.
Could you fix this issue in your widget image

Thank you

Michael

This is our free support forum. Replies can take several days.

Need fast email support? Get SiteOrigin Premium

Replies

3
  1. mike31 8 years, 4 months ago

    Hi,

    Just to complete ma request and help you to add the fix in a future update.
    It’s very simple to fix it

    I have

    $link_atts['rel'] = 'noopener';

    in line 159 in so-widgets-bundle/widgets/imageimage.php

    $link_atts = array();
	if ( ! empty( $instance['new_window'] ) ) {
		$link_atts['target'] = '_blank';
		<strong>$link_atts['rel'] = 'noopener';</strong>
	}
  2. Alex S Staff 8 years, 3 months ago

    Hi Mike,

    Thank you for reporting this issue. This (and any other usage of _blank) will be fixed in the next update.

  3. mike31 8 years, 3 months ago

    Hi Alex,

    Thank you very much, I wait this next update.

    Regards,

Replies on this thread are closed.

Please create a new thread if you have a question, or purchase a SiteOrigin Premium license if you need one-on-one email support.

Have a different question or issue?

Start New Thread