Commit 980996b4 authored by Frank Nägler's avatar Frank Nägler Committed by Andreas Fernandez
Browse files

[BUGFIX] Set rel="noopener noreferrer" for external links

This patch adds rel="noopener noreferrer" for external links in
backend and install tool for security reasons.
If this is not set, the other page can access the window object
with the window.opener property.

Resolves: #89044
Releases: master, 9.5, 8.7
Change-Id: Ib3ceaf87ad0541cc8603ef0d02c95e0b4ef43d4e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61577


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: default avatarGuido Schmechel <guido.schmechel@brandung.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: default avatarGuido Schmechel <guido.schmechel@brandung.de>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
parent fbe8d10a
......@@ -25,22 +25,22 @@
<source>TYPO3 CMS - Professional Web Content Management System</source>
</trans-unit>
<trans-unit id="minor">
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
</trans-unit>
<trans-unit id="cms_description">
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
</trans-unit>
<trans-unit id="community_credits">
<source>Community Credits</source>
</trans-unit>
<trans-unit id="information_detail">
<source>Visit &lt;a href="https://typo3.org/community/" target="_blank"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
<source>Visit &lt;a href="https://typo3.org/community/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
</trans-unit>
<trans-unit id="coredevs">
<source>Core Team</source>
</trans-unit>
<trans-unit id="coredevs_detail">
<source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
<source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
</trans-unit>
<trans-unit id="extension_authors">
<source>Extension Authors</source>
......
......@@ -6,7 +6,7 @@
<p>
{f:translate(key: 'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_message') -> f:format.raw()}
</p>
<a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank">
<a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noopener noreferrer">
<f:translate key="LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button" />
</a>
</div>
......
......@@ -539,7 +539,7 @@ class PageLayoutController
} else {
$externalUrl = htmlspecialchars(GeneralUtility::makeInstance(PageRepository::class)->getExtURL($this->pageinfo));
if ($externalUrl !== false) {
$externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noopener">' . $externalUrl . '</a>';
$externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noopener noreferrer">' . $externalUrl . '</a>';
$view->assignMultiple([
'title' => $this->pageinfo['title'],
'message' => sprintf($lang->getLL('pageIsExternalLinkMessage'), $externalUrlHtml),
......
......@@ -3830,29 +3830,29 @@ class BackendUtility
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:warranty.by'),
htmlspecialchars($loginCopyrightWarrantyProvider),
'<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank">',
'<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noopener noreferrer">',
'</a>'
);
} else {
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:no.warranty'),
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank">',
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
'</a>'
);
}
$cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank">' .
$cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:typo3.cms') . '</a>. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:copyright') . ' &copy; '
. htmlspecialchars(TYPO3_copyright_year) . ' Kasper Sk&aring;rh&oslash;j. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:extension.copyright') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:details.link'),
'<a href="' . TYPO3_URL_GENERAL . '" target="_blank">' . TYPO3_URL_GENERAL . '</a>'
'<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' . TYPO3_URL_GENERAL . '</a>'
) . ' ' .
strip_tags($warrantyNote, '<a>') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:free.software'),
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank">',
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
'</a> '
)
. $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:keep.notice');
......
......@@ -43,7 +43,7 @@
<source>You are using an unsupported browser version.</source>
</trans-unit>
<trans-unit id="warning.incompatibleBrowserInternetExplorer">
<source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" /&gt;a more modern browser version&lt;/a&gt;.</source>
<source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noopener noreferrer" /&gt;a more modern browser version&lt;/a&gt;.</source>
</trans-unit>
<trans-unit id="newsheadline">
<source>Important Messages</source>
......
......@@ -100,8 +100,8 @@
<f:format.raw>{copyright}</f:format.raw>
</p>
<ul class="list-unstyled">
<li><a href="https://typo3.org" target="_blank" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
<li><a href="https://typo3.org/donate/online-donation/" target="_blank" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
<li><a href="https://typo3.org" target="_blank" rel="noopener noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
<li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noopener noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
</ul>
</div>
</div>
......
......@@ -107,7 +107,7 @@ HTML;
Once you have found a solution to the problem, help others by contributing to the wiki page.
</p>
<p>
<a href="$wikiLink" target="_blank">Find a solution for this exception in the TYPO3 wiki.</a>
<a href="$wikiLink" target="_blank" rel="noopener noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
</p>
</div>
</div>
......
......@@ -52,7 +52,7 @@ GFX:
description: 'If set, the processor_stripColorProfileCommand is used with all processor image operations by default. See tsRef for setting this parameter explicitly for IMAGE generation.'
processor_stripColorProfileCommand:
type: text
description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank">imagemagick.org</a> for details'
description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noopener noreferrer">imagemagick.org</a> for details'
processor_colorspace:
type: text
description: 'String: Specify the colorspace to use. Some ImageMagick versions (like 6.7.0 and above) use the sRGB colorspace, so all images are darker then the original. <br />Possible Values: CMY, CMYK, Gray, HCL, HSB, HSL, HWB, Lab, LCH, LMS, Log, Luv, OHTA, Rec601Luma, Rec601YCbCr, Rec709Luma, Rec709YCbCr, RGB, sRGB, Transparent, XYZ, YCbCr, YCC, YIQ, YCbCr, YUV'
......@@ -99,10 +99,10 @@ SYS:
description: 'Defines a list of IP addresses which will allow development-output to display. The debug() function will use this as a filter. See the function <code>\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP()</code> for details on syntax. Setting this to blank value will deny all. Setting to "*" will allow all.'
ddmmyy:
type: text
description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank">date()</a>'
description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
hhmm:
type: text
description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank">date()</a>'
description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
USdateFormat:
type: bool
description: 'If TRUE, dates entered in the TCEforms of the backend will be formatted mm-dd-yyyy'
......@@ -129,7 +129,7 @@ SYS:
description: 'Integer: memory_limit in MB: If more than 16, TYPO3 will try to use ini_set() to set the memory limit of PHP to the value. This works only if the function ini_set() is not disabled by your sysadmin.'
phpTimeZone:
type: text
description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noopener noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noopener noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
systemLog:
type: bool
description: 'Enables the deprecated system log functionality. Log data is written to the Logging API.'
......@@ -147,7 +147,7 @@ SYS:
description: 'If TRUE then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.'
systemLocale:
type: text
description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank">setlocale()</a>.'
description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.'
reverseProxyIP:
type: list
description: 'List of IP addresses. If TYPO3 is behind one or more (intransparent) reverse proxies the IP addresses must be added here.'
......@@ -188,13 +188,13 @@ SYS:
description: 'Classname to handle PHP errors. E.g.: TYPO3\CMS\Core\Error\ErrorHandler. This class displays and logs all errors that are registered as [SYS][errorHandlerErrors]. Leave empty to disable error handling. Errors will be logged and can be sent to the optionally installed developer log or to the "syslog" database table. If an error is registered in [SYS][exceptionalErrors] it will be turned into an exception to be handled by the configured exceptionHandler.'
errorHandlerErrors:
type: errors
description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank">PHP documentation</a>).'
description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
exceptionalErrors:
type: errors
description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noopener noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
belogErrorReporting:
type: errors
description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank">PHP documentation</a>).'
description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
generateApacheHtaccess:
type: bool
description: 'TYPO3 can create <em>.htaccess</em> files which are used by Apache Webserver. They are useful for access protection or performance improvements. Currently <em>.htaccess</em> files in the following directories are created, if they do not exist: <ul><li>typo3temp/compressor/</li></ul>You want to disable this feature, if you are not running Apache or want to use own rulesets.'
......@@ -527,7 +527,7 @@ MAIL:
description: '<em>only with transport=smtp</em>: &lt;server:port> of mailserver to connect to. &lt;port> defaults to "25".'
transport_smtp_encrypt:
type: text
description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank">stream_get_transports()</a>.'
description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noopener noreferrer"">stream_get_transports()</a>.'
transport_smtp_username:
type: text
description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
......
......@@ -25,7 +25,7 @@
<div class="callout-body">
{message}
<f:if condition="{errorCode} > 0">
<p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank">online</a>.</p>
<p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noopener noreferrer">online</a>.</p>
</f:if>
</div>
</div>
......
......@@ -47,7 +47,7 @@
<tr class="ter-ext-single-info-manual">
<th><f:translate key="extensionList.showAllVersions.manual" /></th>
<td>
<a href="https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/" target="_blank">
<a href="https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/" target="_blank" rel="noopener noreferrer">
<f:translate key="extensionList.showAllVersions.readOnline" />
</a>
</td>
......
......@@ -324,8 +324,8 @@ class DocumentationFile
protected function parseContent(string $rstContent): string
{
$content = htmlspecialchars($rstContent);
$content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank">\\1</a>', $content);
$content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank">\\1</a>', $content);
$content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
$content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
$content = preg_replace('/(\n([=]*)\n(.*)\n([=]*)\n)/', '', $content, 1);
$content = preg_replace('/.. index::(.*)/', '', $content);
$content = preg_replace('/.. include::(.*)/', '', $content);
......
......@@ -42,7 +42,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank">Composer dumpautoload</a>.
Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noopener noreferrer">Composer dumpautoload</a>.
</div>
</f:then>
<f:else>
......
......@@ -12,7 +12,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank">install the new source</a>.
Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noopener noreferrer">install the new source</a>.
</div>
</f:then>
<f:else>
......
......@@ -6,7 +6,7 @@
upgrading to new core versions. However, the detection approach - based on static
code analysis - is limited by concept: false positives/negatives are impossible to avoid.
Further details can be found at
<a style="text-decoration: underline;" target="_blank" rel="noopener" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
<a style="text-decoration: underline;" target="_blank" rel="noopener noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
the official docs.
</a>
</p>
......
......@@ -49,7 +49,7 @@
<td>###ACTIONLINKOPEN######ELEMENT######ACTIONLINKCLOSE###</td>
<td>###PATH###</td>
<td>###HEADLINK###</td>
<td><a href="###LINKTARGET###" target="_blank">###LINKTARGET###</a></td>
<td><a href="###LINKTARGET###" target="_blank" rel="noopener noreferrer">###LINKTARGET###</a></td>
<td>###LINKMESSAGE###</td>
<td>###LASTCHECK###</td>
<td>###ACTIONLINKOPEN######ACTIONLINKICON######ACTIONLINKCLOSE###</td>
......
......@@ -2,7 +2,7 @@
<div id="typo3-topbar">
<div class="typo3-topbar-container" role="navigation" id="typo3-top-container">
<div class="typo3-topbar-site">
<a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank">
<a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noopener noreferrer">
<img src="{f:uri.resource(path: 'Images/typo3_logo_orange.svg', extensionName: 'backend')}" width="22" height="22" title="TYPO3 Content Management System" alt="">
</a>
<span class="typo3-topbar-site-name">{activeWorkspace}</span>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment