From 059073a5db4b5e17fd69c6faa93d37ed81bcdfa9 Mon Sep 17 00:00:00 2001
From: Johannes Rauh <johannes.rauh@icinga.com>
Date: Mon, 11 May 2026 13:23:42 +0200
Subject: [PATCH] Add `rel="noopener noreferrer"` to external links in
 `LoginPage`

Prevents the linked page from accessing `window.opener` and stops the
referring URL from being sent in the `Referer` header.
---
 library/Icinga/Web/Widget/LoginPage.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/Icinga/Web/Widget/LoginPage.php b/library/Icinga/Web/Widget/LoginPage.php
index 19d23bfab..a9c5913a3 100644
--- a/library/Icinga/Web/Widget/LoginPage.php
+++ b/library/Icinga/Web/Widget/LoginPage.php
@@ -175,7 +175,8 @@ class LoginPage extends HtmlDocument
                     'href'       => 'https://www.facebook.com/icinga',
                     'target'     => '_blank',
                     'title'      => $this->translate('Icinga on Facebook'),
-                    'aria-label' => $this->translate('Icinga on Facebook')
+                    'aria-label' => $this->translate('Icinga on Facebook'),
+                    'rel'        => 'noopener noreferrer'
                 ]),
                 HtmlElement::create('i', Attributes::create([
                     'class'       => 'icon-facebook-squared',
@@ -194,6 +195,7 @@ class LoginPage extends HtmlDocument
                     'target'     => '_blank',
                     'title'      => $this->translate('Icinga on GitHub'),
                     'aria-label' => $this->translate('Icinga on GitHub'),
+                    'rel'        => 'noopener noreferrer'
                 ]),
                 HtmlElement::create('i', Attributes::create([
                     'class'       => 'icon-github-circled',