Merge pull request #5391 from mehdibo/fix/url-helper Prevent tab hijacking when using the URL helper

commit: 4dab9f8db84d5286ef1da9217af9e44771433b2f [log] [tgz]
author: Andrey Andreev <narf@devilix.net> Wed Jan 31 23:56:21 2018 +0200
committer: Andrey Andreev <narf@devilix.net> Mon Apr 23 14:32:38 2018 +0300
tree: c7adb1649119d5f62cecf7c17e7da1c945a7dca2
parent: 13265c5aabe5e3fd462a9f89031952b346efee73 [diff]
diff --git a/system/helpers/url_helper.php b/system/helpers/url_helper.php
index 0359ac9..a22c4c2 100644
--- a/system/helpers/url_helper.php
+++ b/system/helpers/url_helper.php

@@ -396,7 +396,7 @@
 		if ($type !== 'email' && preg_match_all('#(\w*://|www\.)[a-z0-9]+(-+[a-z0-9]+)*(\.[a-z0-9]+(-+[a-z0-9]+)*)+(/([^\s()<>;]+\w)?/?)?#i', $str, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER))
 		{
 			// Set our target HTML if using popup links.
-			$target = ($popup) ? ' target="_blank"' : '';
+			$target = ($popup) ? ' target="_blank" rel="noopener"' : '';
 
 			// We process the links in reverse order (last -> first) so that
 			// the returned string offsets from preg_match_all() are not
commit	4dab9f8db84d5286ef1da9217af9e44771433b2f	[log] [tgz]
author	Andrey Andreev <narf@devilix.net>	Wed Jan 31 23:56:21 2018 +0200
committer	Andrey Andreev <narf@devilix.net>	Mon Apr 23 14:32:38 2018 +0300
tree	c7adb1649119d5f62cecf7c17e7da1c945a7dca2
parent	13265c5aabe5e3fd462a9f89031952b346efee73 [diff]