Add rel="noopener noreferrer" to external links in LoginPage

jrauh01 · jrauh01 · commit 059073a5db4b · 2026-05-18T12:14:13.000+02:00
Prevents the linked page from accessing `window.opener` and stops the
referring URL from being sent in the `Referer` header.
diff --git a/library/Icinga/Web/Widget/LoginPage.php b/library/Icinga/Web/Widget/LoginPage.php
@@ -175,7 +175,8 @@ protected function assembleSocialLinks(): HtmlElement
                     'href'       => 'https://www.facebook.com/icinga',
                     'target'     => '_blank',
                     'title'      => $this->translate('Icinga on Facebook'),
-                    'aria-label' => $this->translate('Icinga on Facebook')
+                    'aria-label' => $this->translate('Icinga on Facebook'),
+                    'rel'        => 'noopener noreferrer'
                 ]),
                 HtmlElement::create('i', Attributes::create([
                     'class'       => 'icon-facebook-squared',
@@ -194,6 +195,7 @@ protected function assembleSocialLinks(): HtmlElement
                     'target'     => '_blank',
                     'title'      => $this->translate('Icinga on GitHub'),
                     'aria-label' => $this->translate('Icinga on GitHub'),
+                    'rel'        => 'noopener noreferrer'
                 ]),
                 HtmlElement::create('i', Attributes::create([
                     'class'       => 'icon-github-circled',
