Tabnapping vulnerability
Airblader opened this issue · comments
The »Additional Resources« (and possibly other) links currently use target="_blank", which opens a security vulnerability as the opened page is external and gets a reference via window.opener. All links opening in new windows should add rel="noopener".
Given that the links are not directly user content the issue is relatively minor at the moment, but should still be fixed.
See https://mathiasbynens.github.io/rel-noopener/ for an in-depth discussion of the issue.
Thanks for the heads up!
This site is generated using GitBook through markdown so I will need to see if there is a way to make this update in that context, or open an issue with them. I appreciate the feedback!
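One way to audit and fix already-generated HTML for the problem reported in this issue, as an added example that is not part of the thread and not GitBook's own code. The function names and the sample markup are hypothetical, and it assumes the built HTML can be post-processed before publishing.

```javascript
// Added example: find and harden target="_blank" anchors in generated HTML.
// Regex-based so it runs without a DOM. Assumes well-formed anchor tags with
// no ">" and no attribute-like text (" rel=...") inside attribute values.
const ANCHOR = /<a(?=[\s>])[^>]*>/gi;
const TARGET_BLANK = /(?<=\s)target\s*=\s*(?:"_blank"|'_blank'|_blank(?=[\s>]))/i;
const REL = /(?<=\s)rel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;

// Returns the raw rel value of a tag, or null when there is no rel attribute.
function relValue(tag) {
  const m = REL.exec(tag);
  return m ? (m[1] || m[2] || m[3] || "") : null;
}

// True when the tag opens a new browsing context and keeps window.opener
// (rel has neither noopener nor noreferrer; noreferrer implies noopener).
function isUnsafeAnchor(tag) {
  if (!TARGET_BLANK.test(tag)) return false;
  const rel = relValue(tag);
  if (rel === null) return true;
  const tokens = rel.toLowerCase().split(/\s+/);
  return !tokens.includes("noopener") && !tokens.includes("noreferrer");
}

// Adds noopener to one anchor tag, preserving any existing rel tokens.
function hardenAnchor(tag) {
  if (!isUnsafeAnchor(tag)) return tag;
  const rel = relValue(tag);
  if (rel === null) return tag.replace(/\s*>$/, ' rel="noopener">');
  const value = rel.trim() ? rel.trim() + " noopener" : "noopener";
  return tag.replace(REL, () => 'rel="' + value + '"');
}

// Audit: list the anchors that still expose window.opener.
function findUnsafeAnchors(html) {
  return (html.match(ANCHOR) || []).filter((tag) => isUnsafeAnchor(tag));
}

// Fix: rewrite every unsafe anchor in a page.
function hardenHtml(html) {
  return html.replace(ANCHOR, (tag) => hardenAnchor(tag));
}

// Constructed sample markup, not taken from the site in question.
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">A</a>',
  '<a href="https://example.com/b" target="_blank" rel="nofollow">B</a>',
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">C</a>',
  '<a href="/local" data-target="_blank">D</a>',
].join("\n");
```

`findUnsafeAnchors` can run as a build check that fails when any link is reported, while `hardenHtml` rewrites the output in place.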