add some protection against opener attacks if external site is opened via window.open()

include/functions2.php

@@ -1957,7 +1957,7 @@
 #				$entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
 #					$filename . " (" . $ctype . ")" . "</a>";
 
-				$entry = "<div onclick=\"window.open('".htmlspecialchars($url)."')\"
+				$entry = "<div onclick=\"openUrlPopup('".htmlspecialchars($url)."')\"
 					dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>";
 
 				array_push($entries_html, $entry);
@@ -2038,7 +2038,7 @@
 				else
 					$filename = "";
 
-				$rv .= "<div onclick='window.open(\"".htmlspecialchars($entry["url"])."\")'
+				$rv .= "<div onclick='openUrlPopup(\"".htmlspecialchars($entry["url"])."\")'
 					dojoType=\"dijit.MenuItem\">".$filename . $title."</div>";
 
 			};

js/functions.js

@@ -2064,9 +2064,17 @@ function getSelectionText() {
 	return text.stripTags();
 }
 
+function openUrlPopup(url) {
+	var w = window.open("");
+
+	w.opener = null;
+	w.location = url;
+}
 function openArticlePopup(id) {
-	window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id +
+	var w = window.open("",
-		"&csrf_token=" + getInitParam("csrf_token"),
 		"ttrss_article_popup",
 		"height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no");
+
+	w.opener = null;
+	w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token");
 }

js/viewfeed.js

@@ -1729,7 +1729,10 @@ function hlClicked(event, id) {
 
 function openArticleInNewWindow(id) {
 	toggleUnread(id, 0, false);
-	window.open("backend.php?op=article&method=redirect&id=" + id);
+
+	var w = window.open("");
+	w.opener = null;
+	w.location = "backend.php?op=article&method=redirect&id=" + id;
 }
 
 function isCdmMode() {