#2048 closed enhancement (fixed)
Auto-generated links to external sites should set rel="noopener noreferrer"
Reported by: | Nicklas Nordborg | Owned by: | everyone |
---|---|---|---|
Priority: | minor | Milestone: | BASE 3.10 |
Component: | web | Version: | |
Keywords: | Cc: |
Description
Description fields and some other fields that may contain URL links to external sites are automatically linked to that site. They are typically opened in a new window using target="_blank"
. The targeted URL may in some cases get access to the BASE site by using the window.opener
reference in JavaScript. Browsers should normally protect against this (Firefox and IE/Edge seems to do this already). To get an extra layer of safety it is possible to tell the browser to not expose the window.opener
property.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-rel
https://css-tricks.com/random-interesting-facts-htmlsvg-usage/
Change History (6)
comment:1 by , 8 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 8 years ago
comment:3 by , 8 years ago
comment:4 by , 8 years ago
(In [7397]) References #2048: Upgrade to Hibernate 5.2
The database schema generator need to pass the supplied connection to the Hibernate tools (using the "javax.persistence.schema-generation-connection" configuration setting). If not, they will open a new connection. Under some circumstances this fails when used with extensions that via the "services" extension point try to initiate their own database schema and tables.
comment:5 by , 7 years ago
comment:6 by , 7 years ago
(In [7455]) References #2048: Upgrade to Hibernate 5.2
I hope this fixes the schema update problem. The SchemaMigrator
has been replaced with code that goes directly into the internals of Hibernate and tries to check for an existing table using both quoted and unquoted table names. The generated SQL is then modified back to always use quoted table names. A good thing is that the "hack" mentioned in #2090 is no longer needed (due to the search-and-replace operation).
(In [7243]) Fixes #2048: Auto-generated links to external sites should set rel="noopener noreferrer"