Merge pull request #787 from ebraminio/master

Add rel="noreferrer" to resolve window.opener issue

src/main/app/templates/feeds.view.html

@@ -6,7 +6,7 @@
 				<span ng-switch-when="starred">{{ 'tree.starred' | translate }}</span>
 				<span ng-switch-default>
 					<span ng-hide="feedLink">{{name}}</span>
-					<a ng-show="feedLink" href="{{feedLink}}" target="_blank">{{name}}</a>
+					<a ng-show="feedLink" href="{{feedLink}}" target="_blank" rel="noreferrer">{{name}}</a>
 				</span>
 			</span>
 			<span ng-show="name"> &#187;</span>
@@ -20,7 +20,7 @@
 		<div ng-repeat="entry in entries" class="entry entry-font-size-{{font_size}}" id="entry_{{entry.id}}"
 			ng-class="{unread: entry.read == false, current: current==entry, open: isOpen, closed: !isOpen }">
 			<div class="entry-heading" ng-swipe-right="mark(entry, !entry.read)">
-				<a href="{{entry.url}}" target="_blank" class="entry-heading-link" ng-click="noop($event)" ng-mouseup="entryClicked(entry, $event)">
+				<a href="{{entry.url}}" target="_blank" rel="noreferrer" class="entry-heading-link" ng-click="noop($event)" ng-mouseup="entryClicked(entry, $event)">
 					<span class="feed-name">
 						<span class="star" ng-mouseup="star(entry, !entry.starred, $event)">
 							<i ng-class="{'icon-star icon-star-yellow': entry.starred, 'icon-star-empty': !entry.starred}" class="pointer"></i>

src/main/java/com/commafeed/backend/feed/FeedUtils.java

@@ -92,6 +92,7 @@ public class FeedUtils {
 		whitelist.addProtocols("q", "cite", "http", "https");
 
 		whitelist.addEnforcedAttribute("a", "target", "_blank");
+		whitelist.addEnforcedAttribute("a", "rel", "noreferrer");
 		return whitelist;
 	}