Opened 6 months ago

Closed 6 months ago

Last modified 2 weeks ago

#2048 closed enhancement (fixed)

Auto-generated links to external sites should set rel="noopener noreferrer"

Reported by: nicklas
Owned by: everyone
Priority: minor
Milestone: BASE 3.10
Component: web
Version:
Keywords:
Cc:

Description

Description fields and some other fields that may contain URL links to external sites are automatically linked to that site. They are typically opened in a new window using target="_blank". The targeted URL may in some cases get access to the BASE site by using the window.opener reference in JavaScript. Browsers should normally protect against this (Firefox and IE/Edge seem to do this already). To get an extra layer of safety it is possible to tell the browser to not expose the window.opener property.

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-rel

https://css-tricks.com/random-interesting-facts-htmlsvg-usage/
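The hardening requested above, sketched as an added example that is not BASE code and not part of the ticket: one function auto-links URLs in plain text and sets rel="noopener noreferrer" on external links, and a second audits generated HTML for target="_blank" anchors that lack it. The function names and the site origin https://base.example.org are hypothetical.

```javascript
// Added illustration; linkifyExternal, findUnsafeBlankLinks and SITE_ORIGIN
// are hypothetical names, not taken from the BASE code base.
const SITE_ORIGIN = "https://base.example.org"; // constructed site origin

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Turn http(s) URLs in plain text into anchors. Links leaving the site open in
// a new window and carry rel="noopener noreferrer", so the opened page gets no
// window.opener reference back to the linking page.
function linkifyExternal(text, siteOrigin = SITE_ORIGIN) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(/https?:\/\/[^\s<>"']+/g)) {
    const raw = m[0].replace(/[.,;:!?)]+$/, ""); // drop trailing punctuation
    out += escapeHtml(text.slice(last, m.index));
    last = m.index + raw.length;
    let url;
    try {
      url = new URL(raw);
    } catch {
      out += escapeHtml(raw); // not a parseable URL: emit as plain text
      continue;
    }
    const external = url.origin !== new URL(siteOrigin).origin;
    const attrs = external ? ' target="_blank" rel="noopener noreferrer"' : "";
    out += `<a href="${escapeHtml(url.href)}"${attrs}>${escapeHtml(raw)}</a>`;
  }
  return out + escapeHtml(text.slice(last));
}

// Audit helper: return every <a> start tag that uses target="_blank" without
// rel containing noopener (noreferrer implies noopener in the HTML spec).
// Regex matching is an approximation suitable for checking generated output.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(/<a\b[^>]*>/gi)) {
    const tag = m[0];
    if (!/\btarget\s*=\s*["']?_blank\b/i.test(tag)) continue;
    const relMatch = /\brel\s*=\s*["']([^"']*)["']/i.exec(tag);
    const tokens = relMatch ? relMatch[1].toLowerCase().split(/\s+/) : [];
    if (!tokens.includes("noopener") && !tokens.includes("noreferrer")) unsafe.push(tag);
  }
  return unsafe;
}
```

Running findUnsafeBlankLinks over rendered pages in a test suite catches link generators that were missed when the rel attribute was rolled out.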

Change History (2)

comment:1 Changed 6 months ago by nicklas

  • Resolution set to fixed
  • Status changed from new to closed

(In [7243]) Fixes #2048: Auto-generated links to external sites should set rel="noopener noreferrer"

comment:2 Changed 2 weeks ago by nicklas

(In [7361]) References #2048: Upgrade to Hibernate 5.2

Creating branch for working with this update since it will likely cause a lot of things to stop working initially.
