apply rel='noopener noreferrer' thanks @brianteeman

joomla · Jun 25, 2018 · 4c7206a · 4c7206a
1 parent 49a52a2
commit 4c7206a
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini b/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
@@ -12,7 +12,7 @@ PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="The supported headers are: <br><u
 PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header"
 PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value"
 ; Please do not translate the following language string
-PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="<a href='https://scotthelme.co.uk/content-security-policy-an-introduction' target='_blank'>Content Security Policy (CSP)</a>"
+PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY="<a href='https://scotthelme.co.uk/content-security-policy-an-introduction' target='_blank' rel='noopener noreferrer'>Content Security Policy (CSP)</a>"
 ; Please do not translate 'Content-Security-Policy' & 'Content-Security-Policy-Report-Only' in the following language string
 PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_REPORT_ONLY_DESC="Use the header 'Content-Security-Policy-Report-Only' instead of 'Content-Security-Policy'."
 ; Please do not translate the following language string
@@ -23,7 +23,7 @@ PLG_SYSTEM_HTTPHEADERS_CONTENTSECURITYPOLICY_VALUES_VALUE="Value"
 PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT="Client"
 PLG_SYSTEM_HTTPHEADERS_HEADER_CLIENT_BOTH="Both"
 ; Please do not translate the following language string
-PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://hstspreload.org' target='_blank'>HTTP Strict Transport Security (HSTS)</a>"
+PLG_SYSTEM_HTTPHEADERS_HSTS="<a href='https://hstspreload.org' target='_blank' rel='noopener noreferrer'>HTTP Strict Transport Security (HSTS)</a>"
 ; Please do not translate the following language string
 PLG_SYSTEM_HTTPHEADERS_HSTS_MAXAGE="max-age"
 ; Please do not translate 'max-age' in the following language string
@@ -38,13 +38,13 @@ PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS_DESC="HSTS should also be enabled <strong
 PLG_SYSTEM_HTTPHEADERS_HSTS_SUBDOMAINS="Also for subdomains"
 PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
 ; Please do not translate the names of the http headers in the following language string
-PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options' target='_blank'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection' target='_blank'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options' target='_blank'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/' target='_blank'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security' target='_blank'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy' target='_blank'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting' target='_blank'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking' target='_blank'>Clickjacking</a> attacks."
+PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="Joomla! comes with a built-in plugin that handles http security headers. It helps to secure your site by setting the following headers with the default values:<br><ul><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options' target='_blank' rel='noopener noreferrer'>'X-Frame-Options: SAMEORIGIN'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection' target='_blank' rel='noopener noreferrer'>'X-XSS-Protection: 1; mode=block'</a></li><li><a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options' target='_blank' rel='noopener noreferrer'>'X-Content-Type-Options: nosniff'</a></li><li><a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/' target='_blank' rel='noopener noreferrer'>'Referrer-Policy: no-referrer-when-downgrade'</a></li></ul><br>The full list of supported headers are: <br><ul><li><a href='https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security' target='_blank' rel='noopener noreferrer'>Strict-Transport-Security</a></li><li><a href='https://en.wikipedia.org/wiki/Content_Security_Policy' target='_blank' rel='noopener noreferrer'>Content-Security-Policy</a></li><li>Content-Security-Policy-Report-Only</li><li>X-Frame-Options</li><li>X-XSS-Protection</li><li>X-Content-Type-Options</li><li>Referrer-Policy</li><li>Expect-CT</li></ul><br>These headers help your browser to protect your website from <a href='https://en.wikipedia.org/wiki/Cross-site_scripting' target='_blank' rel='noopener noreferrer'>XSS</a> and <a href='https://en.wikipedia.org/wiki/Clickjacking' target='_blank' rel='noopener noreferrer'>Clickjacking</a> attacks."
 PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
 ; Please do not translate the following 3 language strings
-PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="<a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/' target='_blank'>Referrer-Policy</a>"
-PLG_SYSTEM_HTTPHEADERS_XCONTENTTYPEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options' target='_blank'>X-Content-Type-Options</a>"
-PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options' target='_blank'>X-Frame-Options</a>"
+PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="<a href='https://scotthelme.co.uk/a-new-security-header-referrer-policy/' target='_blank' rel='noopener noreferrer'>Referrer-Policy</a>"
+PLG_SYSTEM_HTTPHEADERS_XCONTENTTYPEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options' target='_blank' rel='noopener noreferrer'>X-Content-Type-Options</a>"
+PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options' target='_blank' rel='noopener noreferrer'>X-Frame-Options</a>"
 ; Please do not translate 'HTTP Security Headers' in the following language string
 PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers"
 ; Please do not translate the following language string
-PLG_SYSTEM_HTTPHEADERS_XXSSPROTECTION="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection' target='_blank'>X-XSS-Protection</a>"
+PLG_SYSTEM_HTTPHEADERS_XXSSPROTECTION="<a href='https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection' target='_blank' rel='noopener noreferrer'>X-XSS-Protection</a>"