Prevent XSS in links which open a new browser window

This commit is contained in:
Markus Staab 2017-10-19 12:16:04 +02:00
parent 8e25df9690
commit db34b59238
24 changed files with 70 additions and 70 deletions

View File

@ -8,7 +8,7 @@ script('federatedfilesharing', 'settings-admin');
<div id="fileSharingSettings" class="followupsection"> <div id="fileSharingSettings" class="followupsection">
<h3><?php p($l->t('Federated Cloud Sharing'));?></h3> <h3><?php p($l->t('Federated Cloud Sharing'));?></h3>
<a target="_blank" rel="noreferrer" class="icon-info svg" <a target="_blank" rel="noreferrer noopener" class="icon-info svg"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-sharing-federated')); ?>"></a> href="<?php p(link_to_docs('admin-sharing-federated')); ?>"></a>
<p class="settings-hint"><?php p($l->t('Adjust how people can share between servers.')); ?></p> <p class="settings-hint"><?php p($l->t('Adjust how people can share between servers.')); ?></p>

View File

@ -43,7 +43,7 @@ style('federatedfilesharing', 'settings-personal');
<div class="hidden" id="oca-files-sharing-add-to-your-website-expanded"> <div class="hidden" id="oca-files-sharing-add-to-your-website-expanded">
<p style="margin: 10px 0"> <p style="margin: 10px 0">
<a target="_blank" rel="noreferrer" href="<?php p($_['reference']); ?>" <a target="_blank" rel="noreferrer noopener" href="<?php p($_['reference']); ?>"
style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;"> style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;">
<span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span> <span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span>
<?php p($l->t('Share with me via Nextcloud')); ?> <?php p($l->t('Share with me via Nextcloud')); ?>
@ -52,7 +52,7 @@ style('federatedfilesharing', 'settings-personal');
<p> <p>
<?php p($l->t('HTML Code:')); ?> <?php p($l->t('HTML Code:')); ?>
<xmp><a target="_blank" rel="noreferrer" href="<?php p($_['reference']); ?>" style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;"> <xmp><a target="_blank" rel="noreferrer noopener" href="<?php p($_['reference']); ?>" style="padding:10px;background-color:<?php p($_['color']); ?>;color:<?php p($_['textColor']); ?>;border-radius:3px;padding-left:4px;">
<span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span> <span style="background-image:url(<?php p(\OC::$server->getURLGenerator()->getAbsoluteURL($_['logoPath'])); ?>);width:50px;height:30px;position:relative;top:8px;background-size:contain;display:inline-block;background-repeat:no-repeat; background-position: center center;"></span>
<?php p($l->t('Share with me via Nextcloud')); ?></a></xmp> <?php p($l->t('Share with me via Nextcloud')); ?></a></xmp>
</p> </p>

View File

@ -42,7 +42,7 @@
</div> </div>
<label for="webdavurl"><?php p($l->t('WebDAV'));?></label> <label for="webdavurl"><?php p($l->t('WebDAV'));?></label>
<input id="webdavurl" type="text" readonly="readonly" value="<?php p(\OCP\Util::linkToRemote('webdav')); ?>" /> <input id="webdavurl" type="text" readonly="readonly" value="<?php p(\OCP\Util::linkToRemote('webdav')); ?>" />
<em><?php print_unescaped($l->t('Use this address to <a href="%s" target="_blank" rel="noreferrer">access your Files via WebDAV</a>', array(link_to_docs('user-webdav'))));?></em> <em><?php print_unescaped($l->t('Use this address to <a href="%s" target="_blank" rel="noreferrer noopener">access your Files via WebDAV</a>', array(link_to_docs('user-webdav'))));?></em>
</div> </div>
</div> </div>
</div> </div>

View File

@ -134,7 +134,7 @@ class ThemingDefaults extends \OC_Defaults {
public function getShortFooter() { public function getShortFooter() {
$slogan = $this->getSlogan(); $slogan = $this->getSlogan();
$footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' . $footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' .
' rel="noreferrer">' .$this->getEntity() . '</a>'. ' rel="noreferrer noopener">' .$this->getEntity() . '</a>'.
($slogan !== '' ? ' ' . $slogan : ''); ($slogan !== '' ? ' ' . $slogan : '');
return $footer; return $footer;

View File

@ -217,7 +217,7 @@ class ThemingDefaultsTest extends TestCase {
['theming', 'slogan', $this->defaults->getSlogan(), 'Slogan'], ['theming', 'slogan', $this->defaults->getSlogan(), 'Slogan'],
]); ]);
$this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a> Slogan', $this->template->getShortFooter()); $this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a> Slogan', $this->template->getShortFooter());
} }
public function testGetShortFooterEmptySlogan() { public function testGetShortFooterEmptySlogan() {
@ -230,7 +230,7 @@ class ThemingDefaultsTest extends TestCase {
['theming', 'slogan', $this->defaults->getSlogan(), ''], ['theming', 'slogan', $this->defaults->getSlogan(), ''],
]); ]);
$this->assertEquals('<a href="url" target="_blank" rel="noreferrer">Name</a>', $this->template->getShortFooter()); $this->assertEquals('<a href="url" target="_blank" rel="noreferrer noopener">Name</a>', $this->template->getShortFooter());
} }
public function testgetColorPrimaryWithDefault() { public function testgetColorPrimaryWithDefault() {

View File

@ -3,7 +3,7 @@
<?php p($l->t('Test Configuration'));?> <?php p($l->t('Test Configuration'));?>
</button> </button>
<a href="<?php p(link_to_docs('admin-ldap')); ?>" <a href="<?php p(link_to_docs('admin-ldap')); ?>"
target="_blank" rel="noreferrer"> target="_blank" rel="noreferrer noopener">
<img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>" <img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>"
style="height:1.75ex" /> style="height:1.75ex" />
<?php p($l->t('Help'));?> <?php p($l->t('Help'));?>

View File

@ -9,7 +9,7 @@
<?php p($l->t('Continue'));?> <?php p($l->t('Continue'));?>
</button> </button>
<a href="<?php p(link_to_docs('admin-ldap')); ?>" <a href="<?php p(link_to_docs('admin-ldap')); ?>"
target="_blank" rel="noreferrer"> target="_blank" rel="noreferrer noopener">
<img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>" <img src="<?php print_unescaped(image_path('', 'actions/info.svg')); ?>"
style="height:1.75ex" /> style="height:1.75ex" />
<span class="ldap_grey"><?php p($l->t('Help'));?></span> <span class="ldap_grey"><?php p($l->t('Help'));?></span>

View File

@ -25,7 +25,7 @@
<div id="<?php p($_['appid']); ?>" class="section workflowengine"> <div id="<?php p($_['appid']); ?>" class="section workflowengine">
<h2 class="inlineblock"><?php p($_['heading']); ?></h2> <h2 class="inlineblock"><?php p($_['heading']); ?></h2>
<?php if (!empty($_['docs'])): ?> <?php if (!empty($_['docs'])): ?>
<a target="_blank" rel="noreferrer" class="icon-info svg" <a target="_blank" rel="noreferrer noopener" class="icon-info svg"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs($_['docs'])); ?>"> href="<?php p(link_to_docs($_['docs'])); ?>">
</a> </a>

View File

@ -66,7 +66,7 @@
if (xhr.status !== 207) { if (xhr.status !== 207) {
var docUrl = placeholderUrl.replace('PLACEHOLDER', 'admin-setup-well-known-URL'); var docUrl = placeholderUrl.replace('PLACEHOLDER', 'admin-setup-well-known-URL');
messages.push({ messages.push({
msg: t('core', 'Your web server is not set up properly to resolve "{url}". Further information can be found in our <a target="_blank" rel="noreferrer" href="{docLink}">documentation</a>.', { docLink: docUrl, url: url }), msg: t('core', 'Your web server is not set up properly to resolve "{url}". Further information can be found in our <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', { docLink: docUrl, url: url }),
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}); });
} }
@ -100,13 +100,13 @@
} }
if(!data.isMemcacheConfigured) { if(!data.isMemcacheConfigured) {
messages.push({ messages.push({
msg: t('core', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a target="_blank" rel="noreferrer" href="{docLink}">documentation</a>.', {docLink: data.memcacheDocs}), msg: t('core', 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', {docLink: data.memcacheDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}); });
} }
if(!data.isUrandomAvailable) { if(!data.isUrandomAvailable) {
messages.push({ messages.push({
msg: t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a target="_blank" rel="noreferrer" href="{docLink}">documentation</a>.', {docLink: data.securityDocs}), msg: t('core', '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', {docLink: data.securityDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}); });
} }
@ -118,19 +118,19 @@
} }
if(data.phpSupported && data.phpSupported.eol) { if(data.phpSupported && data.phpSupported.eol) {
messages.push({ messages.push({
msg: t('core', 'You are currently running PHP {version}. We encourage you to upgrade your PHP version to take advantage of <a target="_blank" rel="noreferrer" href="{phpLink}">performance and security updates provided by the PHP Group</a> as soon as your distribution supports it.', {version: data.phpSupported.version, phpLink: 'https://secure.php.net/supported-versions.php'}), msg: t('core', 'You are currently running PHP {version}. We encourage you to upgrade your PHP version to take advantage of <a target="_blank" rel="noreferrer noopener" href="{phpLink}">performance and security updates provided by the PHP Group</a> as soon as your distribution supports it.', {version: data.phpSupported.version, phpLink: 'https://secure.php.net/supported-versions.php'}),
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}); });
} }
if(!data.forwardedForHeadersWorking) { if(!data.forwardedForHeadersWorking) {
messages.push({ messages.push({
msg: t('core', 'The reverse proxy headers configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If you are not accessing Nextcloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to Nextcloud. Further information can be found in our <a target="_blank" rel="noreferrer" href="{docLink}">documentation</a>.', {docLink: data.reverseProxyDocs}), msg: t('core', 'The reverse proxy headers configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If you are not accessing Nextcloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to Nextcloud. Further information can be found in our <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', {docLink: data.reverseProxyDocs}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}); });
} }
if(!data.isCorrectMemcachedPHPModuleInstalled) { if(!data.isCorrectMemcachedPHPModuleInstalled) {
messages.push({ messages.push({
msg: t('core', 'Memcached is configured as distributed cache, but the wrong PHP module "memcache" is installed. \\OC\\Memcache\\Memcached only supports "memcached" and not "memcache". See the <a target="_blank" rel="noreferrer" href="{wikiLink}">memcached wiki about both modules</a>.', {wikiLink: 'https://code.google.com/p/memcached/wiki/PHPClientComparison'}), msg: t('core', 'Memcached is configured as distributed cache, but the wrong PHP module "memcache" is installed. \\OC\\Memcache\\Memcached only supports "memcached" and not "memcache". See the <a target="_blank" rel="noreferrer noopener" href="{wikiLink}">memcached wiki about both modules</a>.', {wikiLink: 'https://code.google.com/p/memcached/wiki/PHPClientComparison'}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}); });
} }
@ -138,7 +138,7 @@
messages.push({ messages.push({
msg: t( msg: t(
'core', 'core',
'Some files have not passed the integrity check. Further information on how to resolve this issue can be found in our <a target="_blank" rel="noreferrer" href="{docLink}">documentation</a>. (<a href="{codeIntegrityDownloadEndpoint}">List of invalid files…</a> / <a href="{rescanEndpoint}">Rescan…</a>)', 'Some files have not passed the integrity check. Further information on how to resolve this issue can be found in our <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>. (<a href="{codeIntegrityDownloadEndpoint}">List of invalid files…</a> / <a href="{rescanEndpoint}">Rescan…</a>)',
{ {
docLink: data.codeIntegrityCheckerDocumentation, docLink: data.codeIntegrityCheckerDocumentation,
codeIntegrityDownloadEndpoint: OC.generateUrl('/settings/integrity/failed'), codeIntegrityDownloadEndpoint: OC.generateUrl('/settings/integrity/failed'),
@ -152,7 +152,7 @@
messages.push({ messages.push({
msg: t( msg: t(
'core', 'core',
'The PHP OPcache is not properly configured. <a target="_blank" rel="noreferrer" href="{docLink}">For better performance we recommend</a> to use following settings in the <code>php.ini</code>:', 'The PHP OPcache is not properly configured. <a target="_blank" rel="noreferrer noopener" href="{docLink}">For better performance we recommend</a> to use following settings in the <code>php.ini</code>:',
{ {
docLink: data.phpOpcacheDocumentation, docLink: data.phpOpcacheDocumentation,
} }
@ -300,7 +300,7 @@
var minimumSeconds = 15552000; var minimumSeconds = 15552000;
if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) { if(isNaN(transportSecurityValidity) || transportSecurityValidity <= (minimumSeconds - 1)) {
messages.push({ messages.push({
msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer">security tips</a>.', {'seconds': minimumSeconds, docUrl: tipsUrl}), msg: t('core', 'The "Strict-Transport-Security" HTTP header is not configured to at least "{seconds}" seconds. For enhanced security we recommend enabling HSTS as described in our <a href="{docUrl}" rel="noreferrer noopener">security tips</a>.', {'seconds': minimumSeconds, docUrl: tipsUrl}),
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}); });
} }

View File

@ -68,7 +68,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'Your web server is not set up properly to resolve "/.well-known/caldav/". Further information can be found in our <a href="http://example.org/admin-setup-well-known-URL" rel="noreferrer">documentation</a>.', msg: 'Your web server is not set up properly to resolve "/.well-known/caldav/". Further information can be found in our <a href="http://example.org/admin-setup-well-known-URL" rel="noreferrer noopener">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]); }]);
done(); done();
@ -166,7 +166,7 @@ describe('OC.SetupChecks tests', function() {
msg: 'This server has no working Internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.', msg: 'This server has no working Internet connection: Multiple endpoints could not be reached. This means that some of the features like mounting external storage, notifications about updates or installation of third-party apps will not work. Accessing files remotely and sending of notification emails might not work, either. We suggest to enable Internet connection for this server if you want to have all features.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, { }, {
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer">documentation</a>.', msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer noopener">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]); }]);
done(); done();
@ -200,7 +200,7 @@ describe('OC.SetupChecks tests', function() {
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}, },
{ {
msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer">documentation</a>.', msg: 'No memory cache has been configured. To enhance your performance please configure a memcache if available. Further information can be found in our <a href="https://docs.nextcloud.com/server/go.php?to=admin-performance" rel="noreferrer noopener">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]); }]);
done(); done();
@ -261,7 +261,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html" rel="noreferrer">documentation</a>.', msg: '/dev/urandom is not readable by PHP which is highly discouraged for security reasons. Further information can be found in our <a href="https://docs.owncloud.org/myDocs.html" rel="noreferrer noopener">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();
@ -291,7 +291,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'Memcached is configured as distributed cache, but the wrong PHP module "memcache" is installed. \\OC\\Memcache\\Memcached only supports "memcached" and not "memcache". See the <a href="https://code.google.com/p/memcached/wiki/PHPClientComparison" rel="noreferrer">memcached wiki about both modules</a>.', msg: 'Memcached is configured as distributed cache, but the wrong PHP module "memcache" is installed. \\OC\\Memcache\\Memcached only supports "memcached" and not "memcache". See the <a href="https://code.google.com/p/memcached/wiki/PHPClientComparison" rel="noreferrer noopener">memcached wiki about both modules</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();
@ -321,7 +321,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'The reverse proxy headers configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If you are not accessing Nextcloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to Nextcloud. Further information can be found in our <a href="https://docs.owncloud.org/foo/bar.html" rel="noreferrer">documentation</a>.', msg: 'The reverse proxy headers configuration is incorrect, or you are accessing Nextcloud from a trusted proxy. If you are not accessing Nextcloud from a trusted proxy, this is a security issue and can allow an attacker to spoof their IP address as visible to Nextcloud. Further information can be found in our <a href="https://docs.owncloud.org/foo/bar.html" rel="noreferrer noopener">documentation</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();
@ -402,7 +402,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of <a href="https://secure.php.net/supported-versions.php" rel="noreferrer">performance and security updates provided by the PHP Group</a> as soon as your distribution supports it.', msg: 'You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of <a href="https://secure.php.net/supported-versions.php" rel="noreferrer noopener">performance and security updates provided by the PHP Group</a> as soon as your distribution supports it.',
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]); }]);
done(); done();
@ -433,7 +433,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'The PHP OPcache is not properly configured. <a href="https://example.org/link/to/doc" rel="noreferrer">For better performance we recommend</a> to use following settings in the <code>php.ini</code>:' + "<pre><code>opcache.enable=1\nopcache.enable_cli=1\nopcache.interned_strings_buffer=8\nopcache.max_accelerated_files=10000\nopcache.memory_consumption=128\nopcache.save_comments=1\nopcache.revalidate_freq=1</code></pre>", msg: 'The PHP OPcache is not properly configured. <a href="https://example.org/link/to/doc" rel="noreferrer noopener">For better performance we recommend</a> to use following settings in the <code>php.ini</code>:' + "<pre><code>opcache.enable=1\nopcache.enable_cli=1\nopcache.interned_strings_buffer=8\nopcache.max_accelerated_files=10000\nopcache.memory_consumption=128\nopcache.save_comments=1\nopcache.revalidate_freq=1</code></pre>",
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}]); }]);
done(); done();
@ -617,7 +617,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.', msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();
@ -642,7 +642,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.', msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();
@ -667,7 +667,7 @@ describe('OC.SetupChecks tests', function() {
async.done(function( data, s, x ){ async.done(function( data, s, x ){
expect(data).toEqual([{ expect(data).toEqual([{
msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.', msg: 'The "Strict-Transport-Security" HTTP header is not configured to at least "15552000" seconds. For enhanced security we recommend enabling HSTS as described in our <a rel="noreferrer noopener" href="http://localhost/index.php/settings/admin/tips-tricks">security tips</a>.',
type: OC.SetupChecks.MESSAGE_TYPE_WARNING type: OC.SetupChecks.MESSAGE_TYPE_WARNING
}]); }]);
done(); done();

View File

@ -30,7 +30,7 @@ script('core', [
<legend><strong><?php p($l->t('Security warning'));?></strong></legend> <legend><strong><?php p($l->t('Security warning'));?></strong></legend>
<p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br> <p><?php p($l->t('Your data directory and files are probably accessible from the internet because the .htaccess file does not work.'));?><br>
<?php print_unescaped($l->t( <?php print_unescaped($l->t(
'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer">documentation</a>.', 'For information how to properly configure your server, please see the <a href="%s" target="_blank" rel="noreferrer noopener">documentation</a>.',
link_to_docs('admin-install') link_to_docs('admin-install')
)); ?></p> )); ?></p>
</fieldset> </fieldset>
@ -84,7 +84,7 @@ script('core', [
<p class="info"> <p class="info">
<?php p($l->t( 'Only %s is available.', array($label) )); ?> <?php p($l->t( 'Only %s is available.', array($label) )); ?>
<?php p($l->t( 'Install and activate additional PHP modules to choose other database types.' )); ?><br> <?php p($l->t( 'Install and activate additional PHP modules to choose other database types.' )); ?><br>
<a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer"> <a href="<?php print_unescaped(link_to_docs('admin-source_install')); ?>" target="_blank" rel="noreferrer noopener">
<?php p($l->t( 'For more details check out the documentation.' )); ?> ↗</a> <?php p($l->t( 'For more details check out the documentation.' )); ?> ↗</a>
</p> </p>
<input type="hidden" id="dbtype" name="dbtype" value="<?php p($type) ?>"> <input type="hidden" id="dbtype" name="dbtype" value="<?php p($type) ?>">
@ -166,6 +166,6 @@ script('core', [
<p class="info"> <p class="info">
<span class="icon-info-white"></span> <span class="icon-info-white"></span>
<?php p($l->t('Need help?'));?> <?php p($l->t('Need help?'));?>
<a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a> <a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-install')); ?>"><?php p($l->t('See the documentation'));?> ↗</a>
</p> </p>
</form> </form>

View File

@ -3,7 +3,7 @@
<div> <div>
<?php print_unescaped(str_replace( <?php print_unescaped(str_replace(
['{linkstart}', '{linkend}'], ['{linkstart}', '{linkend}'],
['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer">', '</a>'], ['<a href="https://www.enable-javascript.com/" target="_blank" rel="noreferrer noopener">', '</a>'],
$l->t('This application requires JavaScript for correct operation. Please {linkstart}enable JavaScript{linkend} and reload the page.') $l->t('This application requires JavaScript for correct operation. Please {linkstart}enable JavaScript{linkend} and reload the page.')
)); ?> )); ?>
</div> </div>

View File

@ -8,7 +8,7 @@
p($l->t('Please use the command line updater because automatic updating is disabled in the config.php.')); p($l->t('Please use the command line updater because automatic updating is disabled in the config.php.'));
} ?><br><br> } ?><br><br>
<?php <?php
print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br> print_unescaped($l->t('For help, see the <a target="_blank" rel="noreferrer noopener" href="%s">documentation</a>.', [link_to_docs('admin-cli-upgrade')])); ?><br><br>
</div> </div>
</div> </div>

View File

@ -548,7 +548,7 @@ class Installer {
} catch (TableExistsException $e) { } catch (TableExistsException $e) {
throw new HintException( throw new HintException(
'Failed to enable app ' . $app, 'Failed to enable app ' . $app,
'Please ask for help via one of our <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer">support channels</a>.', 'Please ask for help via one of our <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer noopener">support channels</a>.',
0, $e 0, $e
); );
} }

View File

@ -235,7 +235,7 @@ class OC_Defaults {
$footer = $this->theme->getShortFooter(); $footer = $this->theme->getShortFooter();
} else { } else {
$footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' . $footer = '<a href="'. $this->getBaseUrl() . '" target="_blank"' .
' rel="noreferrer">' .$this->getEntity() . '</a>'. ' rel="noreferrer noopener">' .$this->getEntity() . '</a>'.
' ' . $this->getSlogan(); ' ' . $this->getSlogan();
} }

View File

@ -24,7 +24,7 @@ script(
<?php if($_['appstoreEnabled']): ?> <?php if($_['appstoreEnabled']): ?>
<li> <li>
<a class="app-external icon-info" target="_blank" rel="noreferrer" href="https://docs.nextcloud.org/server/12/developer_manual/"><?php p($l->t('Developer documentation'));?> ↗</a> <a class="app-external icon-info" target="_blank" rel="noreferrer noopener" href="https://docs.nextcloud.org/server/12/developer_manual/"><?php p($l->t('Developer documentation'));?> ↗</a>
</li> </li>
<?php endif; ?> <?php endif; ?>
</script> </script>
@ -44,7 +44,7 @@ script(
<div class="app-image app-image-icon"></div> <div class="app-image app-image-icon"></div>
<div class="app-name"> <div class="app-name">
{{#if detailpage}} {{#if detailpage}}
<a href="{{detailpage}}" target="_blank" rel="noreferrer">{{name}}</a> <a href="{{detailpage}}" target="_blank" rel="noreferrer noopener">{{name}}</a>
{{else}} {{else}}
{{name}} {{name}}
{{/if}} {{/if}}
@ -90,7 +90,7 @@ script(
{{/if}} {{/if}}
<h2 class="app-name"> <h2 class="app-name">
{{#if detailpage}} {{#if detailpage}}
<a href="{{detailpage}}" target="_blank" rel="noreferrer">{{name}}</a> <a href="{{detailpage}}" target="_blank" rel="noreferrer noopener">{{name}}</a>
{{else}} {{else}}
{{name}} {{name}}
{{/if}} {{/if}}
@ -105,7 +105,7 @@ script(
<div class="app-description-container hidden"> <div class="app-description-container hidden">
<div class="app-version">{{version}}</div> <div class="app-version">{{version}}</div>
{{#if profilepage}}<a href="{{profilepage}}" target="_blank" rel="noreferrer">{{/if}} {{#if profilepage}}<a href="{{profilepage}}" target="_blank" rel="noreferrer noopener">{{/if}}
<div class="app-author"><?php p($l->t('by %s', ['{{author}}']));?> <div class="app-author"><?php p($l->t('by %s', ['{{author}}']));?>
{{#if licence}} {{#if licence}}
(<?php p($l->t('%s-licensed', ['{{licence}}'])); ?>) (<?php p($l->t('%s-licensed', ['{{licence}}'])); ?>)
@ -119,30 +119,30 @@ script(
<?php p($l->t("Documentation:"));?> <?php p($l->t("Documentation:"));?>
{{#if documentation.user}} {{#if documentation.user}}
<span class="userDocumentation"> <span class="userDocumentation">
<a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank" rel="noreferrer"><?php p($l->t('User documentation'));?> ↗</a> <a id="userDocumentation" class="appslink" href="{{documentation.user}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('User documentation'));?> ↗</a>
</span> </span>
{{/if}} {{/if}}
{{#if documentation.admin}} {{#if documentation.admin}}
<span class="adminDocumentation"> <span class="adminDocumentation">
<a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank" rel="noreferrer"><?php p($l->t('Admin documentation'));?> ↗</a> <a id="adminDocumentation" class="appslink" href="{{documentation.admin}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Admin documentation'));?> ↗</a>
</span> </span>
{{/if}} {{/if}}
{{#if documentation.developer}} {{#if documentation.developer}}
<span class="developerDocumentation"> <span class="developerDocumentation">
<a id="developerDocumentation" class="appslink" href="{{documentation.developer}}" target="_blank" rel="noreferrer"><?php p($l->t('Developer documentation'));?> ↗</a> <a id="developerDocumentation" class="appslink" href="{{documentation.developer}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Developer documentation'));?> ↗</a>
</span> </span>
{{/if}} {{/if}}
</p> </p>
{{/if}} {{/if}}
{{#if website}} {{#if website}}
<a id="userDocumentation" class="appslink" href="{{website}}" target="_blank" rel="noreferrer"><?php p($l->t('Visit website'));?> ↗</a> <a id="userDocumentation" class="appslink" href="{{website}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Visit website'));?> ↗</a>
{{/if}} {{/if}}
{{#if bugs}} {{#if bugs}}
<a id="adminDocumentation" class="appslink" href="{{bugs}}" target="_blank" rel="noreferrer"><?php p($l->t('Report a bug'));?> ↗</a> <a id="adminDocumentation" class="appslink" href="{{bugs}}" target="_blank" rel="noreferrer noopener"><?php p($l->t('Report a bug'));?> ↗</a>
{{/if}} {{/if}}
</div><!-- end app-description-container --> </div><!-- end app-description-container -->
<div class="app-description-toggle-show" role="link"><?php p($l->t("Show description …"));?></div> <div class="app-description-toggle-show" role="link"><?php p($l->t("Show description …"));?></div>

View File

@ -16,26 +16,26 @@
<?php } ?> <?php } ?>
<li> <li>
<a href="https://docs.nextcloud.org" target="_blank" rel="noreferrer"> <a href="https://docs.nextcloud.org" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Online documentation')); ?> <?php p($l->t('Online documentation')); ?>
</a> </a>
</li> </li>
<li> <li>
<a href="https://help.nextcloud.com" target="_blank" rel="noreferrer"> <a href="https://help.nextcloud.com" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Forum')); ?> <?php p($l->t('Forum')); ?>
</a> </a>
</li> </li>
<?php if($_['admin']) { ?> <?php if($_['admin']) { ?>
<li> <li>
<a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer"> <a href="https://nextcloud.com/support/" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Getting help')); ?> <?php p($l->t('Getting help')); ?>
</a> </a>
</li> </li>
<?php } ?> <?php } ?>
<li> <li>
<a href="https://nextcloud.com/enterprise/" target="_blank" rel="noreferrer"> <a href="https://nextcloud.com/enterprise/" target="_blank" rel="noreferrer noopener">
<?php p($l->t('Commercial support')); ?> <?php p($l->t('Commercial support')); ?>
</a> </a>
</li> </li>

View File

@ -7,9 +7,9 @@
'{linkclose}', '{linkclose}',
], ],
[ [
'<a href="https://nextcloud.com/contribute" target="_blank" rel="noreferrer">', '<a href="https://nextcloud.com/contribute" target="_blank" rel="noreferrer noopener">',
'<a href="https://github.com/nextcloud" target="_blank" rel="noreferrer">', '<a href="https://github.com/nextcloud" target="_blank" rel="noreferrer noopener">',
'<a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer">', '<a href="https://www.gnu.org/licenses/agpl-3.0.html" target="_blank" rel="noreferrer noopener">',
'</a>', '</a>',
], ],
$l->t('Developed by the {communityopen}Nextcloud community{linkclose}, the {githubopen}source code{linkclose} is licensed under the {licenseopen}AGPL{linkclose}.') $l->t('Developed by the {communityopen}Nextcloud community{linkclose}, the {githubopen}source code{linkclose} is licensed under the {licenseopen}AGPL{linkclose}.')

View File

@ -53,7 +53,7 @@ if ($_['mail_smtpmode'] === 'qmail') {
<div class="section" id="mail_general_settings"> <div class="section" id="mail_general_settings">
<form id="mail_general_settings_form" class="mail_settings"> <form id="mail_general_settings_form" class="mail_settings">
<h2><?php p($l->t('Email server'));?></h2> <h2><?php p($l->t('Email server'));?></h2>
<a target="_blank" rel="noreferrer" class="icon-info" <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-email')); ?>"></a> href="<?php p(link_to_docs('admin-email')); ?>"></a>
<p class="settings-hint"><?php p($l->t('It is important to set up this server to be able to send emails, like for password reset and notifications.')); ?></p> <p class="settings-hint"><?php p($l->t('It is important to set up this server to be able to send emails, like for password reset and notifications.')); ?></p>

View File

@ -28,7 +28,7 @@
<div class="section" id='encryptionAPI'> <div class="section" id='encryptionAPI'>
<h2><?php p($l->t('Server-side encryption')); ?></h2> <h2><?php p($l->t('Server-side encryption')); ?></h2>
<a target="_blank" rel="noreferrer" class="icon-info" <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-encryption')); ?>"></a> href="<?php p(link_to_docs('admin-encryption')); ?>"></a>
<p class="settings-hint"><?php p($l->t('Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')); ?></p> <p class="settings-hint"><?php p($l->t('Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')); ?></p>

View File

@ -36,7 +36,7 @@
?> ?>
<li> <li>
<?php p($l->t('PHP does not seem to be setup properly to query system environment variables. The test with getenv("PATH") only returns an empty response.')); ?><br> <?php p($l->t('PHP does not seem to be setup properly to query system environment variables. The test with getenv("PATH") only returns an empty response.')); ?><br>
<?php print_unescaped($l->t('Please check the <a target="_blank" rel="noreferrer" href="%s">installation documentation ↗</a> for PHP configuration notes and the PHP configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?> <?php print_unescaped($l->t('Please check the <a target="_blank" rel="noreferrer noopener" href="%s">installation documentation ↗</a> for PHP configuration notes and the PHP configuration of your server, especially when using php-fpm.', link_to_docs('admin-php-fpm'))); ?>
</li> </li>
<?php <?php
} }
@ -91,7 +91,7 @@
if ($_['fileLockingType'] === 'none') { if ($_['fileLockingType'] === 'none') {
?> ?>
<li> <li>
<?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?> <?php print_unescaped($l->t('Transactional file locking is disabled, this might lead to issues with race conditions. Enable \'filelocking.enabled\' in config.php to avoid these problems. See the <a target="_blank" rel="noreferrer noopener" href="%s">documentation ↗</a> for more information.', link_to_docs('admin-transactional-locking'))); ?>
</li> </li>
<?php <?php
} }
@ -146,7 +146,7 @@
<ul class="warnings hidden"></ul> <ul class="warnings hidden"></ul>
<ul class="info hidden"></ul> <ul class="info hidden"></ul>
<p class="hint hidden"> <p class="hint hidden">
<?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="%s">log</a>.', [link_to_docs('admin-install'), \OC::$server->getURLGenerator()->linkToRoute('settings.AdminSettings.index', ['section' => 'logging'])] )); ?> <?php print_unescaped($l->t('Please double check the <a target="_blank" rel="noreferrer noopener" href="%s">installation guides ↗</a>, and check for any errors or warnings in the <a href="%s">log</a>.', [link_to_docs('admin-install'), \OC::$server->getURLGenerator()->linkToRoute('settings.AdminSettings.index', ['section' => 'logging'])] )); ?>
</p> </p>
</div> </div>
<div id="security-warning-state"> <div id="security-warning-state">
@ -176,7 +176,7 @@
<?php p($l->t("Background job didnt run yet!")); <?php p($l->t("Background job didnt run yet!"));
endif; ?> endif; ?>
</p> </p>
<a target="_blank" rel="noreferrer" class="icon-info" <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-background-jobs')); ?>"></a> href="<?php p(link_to_docs('admin-background-jobs')); ?>"></a>
@ -223,5 +223,5 @@
<div class="section"> <div class="section">
<!-- should be the last part, so Updater can follow if enabled (it has no heading therefore). --> <!-- should be the last part, so Updater can follow if enabled (it has no heading therefore). -->
<h2><?php p($l->t('Version'));?></h2> <h2><?php p($l->t('Version'));?></h2>
<p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p> <p><strong><a href="<?php print_unescaped($theme->getBaseUrl()); ?>" rel="noreferrer noopener" target="_blank"><?php p($theme->getTitle()); ?></a> <?php p(OC_Util::getHumanVersion()) ?></strong></p>
</div> </div>

View File

@ -28,7 +28,7 @@
<div class="section" id="shareAPI"> <div class="section" id="shareAPI">
<h2><?php p($l->t('Sharing'));?></h2> <h2><?php p($l->t('Sharing'));?></h2>
<a target="_blank" rel="noreferrer" class="icon-info" <a target="_blank" rel="noreferrer noopener" class="icon-info"
title="<?php p($l->t('Open documentation'));?>" title="<?php p($l->t('Open documentation'));?>"
href="<?php p(link_to_docs('admin-sharing')); ?>"></a> href="<?php p(link_to_docs('admin-sharing')); ?>"></a>
<p class="settings-hint"><?php p($l->t('As admin you can fine-tune the sharing behavior. Please see the documentation for more information.'));?></p> <p class="settings-hint"><?php p($l->t('As admin you can fine-tune the sharing behavior. Please see the documentation for more information.'));?></p>

View File

@ -37,15 +37,15 @@
<li> <li>
<?php p($l->t('SQLite is currently being used as the backend database. For larger installations we recommend that you switch to a different database backend.')); ?><br> <?php p($l->t('SQLite is currently being used as the backend database. For larger installations we recommend that you switch to a different database backend.')); ?><br>
<?php p($l->t('This is particularly recommended when using the desktop client for file synchronisation.')); ?><br> <?php p($l->t('This is particularly recommended when using the desktop client for file synchronisation.')); ?><br>
<?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" rel="noreferrer" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?> <?php print_unescaped($l->t('To migrate to another database use the command line tool: \'occ db:convert-type\', or see the <a target="_blank" rel="noreferrer noopener" href="%s">documentation ↗</a>.', link_to_docs('admin-db-conversion') )); ?>
</li> </li>
<?php } ?> <?php } ?>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-backup')); ?>"><?php p($l->t('How to do backups'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-monitoring')); ?>"><?php p($l->t('Advanced monitoring'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-performance')); ?>"><?php p($l->t('Performance tuning'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-config')); ?>"><?php p($l->t('Improving the config.php'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('developer-theming')); ?>"><?php p($l->t('Theming'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="https://scan.nextcloud.com"><?php p($l->t('Check the security of your Nextcloud over our security scan'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="https://scan.nextcloud.com"><?php p($l->t('Check the security of your Nextcloud over our security scan'));?> ↗</a></li>
<li><a target="_blank" rel="noreferrer" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li> <li><a target="_blank" rel="noreferrer noopener" href="<?php p(link_to_docs('admin-security')); ?>"><?php p($l->t('Hardening and security guidance'));?> ↗</a></li>
</ul> </ul>
</div> </div>

View File

@ -338,7 +338,7 @@ vendor_style('jcrop/css/jquery.Jcrop');
<?php endforeach;?> <?php endforeach;?>
</select> </select>
<a href="https://www.transifex.com/nextcloud/nextcloud/" <a href="https://www.transifex.com/nextcloud/nextcloud/"
target="_blank" rel="noreferrer"> target="_blank" rel="noreferrer noopener">
<em><?php p($l->t('Help translate'));?></em> <em><?php p($l->t('Help translate'));?></em>
</a> </a>
</form> </form>