vitamin-web icon indicating copy to clipboard operation
vitamin-web copied to clipboard

Published 20 hours ago verified publisher icon Decathlon

feat: security enhancement on `VtmnLink` component

Open Tlahey opened this issue 1 year ago • 1 comments

Hello,

I've found a potential security issue with the VtmnLink component. See this post -> https://twitter.com/brianthiely/status/1562102291502665728?s=21&t=27WqGeqocjEcRezD05-ziA

We need to add a noopener noreferrer when target is _blank

Tlahey avatar Aug 24 '22 11:08 Tlahey

Hello @Tlahey, you are right, thanks for being vigilant! This security should also be enforced, at least, with the corresponding eslint rule for Svelte, Vue and React.

Could you make a PR please ?

thibault-mahe avatar Aug 24 '22 12:08 thibault-mahe