From db34b59238846e5ec046a456b4f76649321571d1 Mon Sep 17 00:00:00 2001
From: Markus Staab <markus.staab@redaxo.de>
Date: Thu, 19 Oct 2017 12:16:04 +0200
Subject: Prevent XSS in links which open a new browser window

---
 core/templates/update.use-cli.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'core/templates/update.use-cli.php')

diff --git a/core/templates/update.use-cli.php b/core/templates/update.use-cli.php
index d30e15c8573..06d7e284907 100644
--- a/core/templates/update.use-cli.php
+++ b/core/templates/update.use-cli.php
@@ -8,7 +8,7 @@
 				p($l->t('Please use the command line updater because automatic updating is disabled in the config.php.'));
 			} ?><br><br>
 			<?php
-			print_unescaped($l->t('For help, see the  <a target="_blank" rel="noreferrer" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
+			print_unescaped($l->t('For help, see the  <a target="_blank" rel="noreferrer noopener" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
 		</div>
 	</div>
 
-- 
cgit v1.2.3