rails-security-checklist icon indicating copy to clipboard operation
rails-security-checklist copied to clipboard

Published 20 hours ago verified publisher icon eliotsykes

Mitigate window.opener exploits

Open eliotsykes opened this issue 7 years ago • 0 comments

Set rel="noopener noreferrer" attribute on <a "target=_blank"...> links

More at: https://dev.to/ben/the-targetblank-vulnerability-by-example

Consider if link_to and other link_* helpers should automatically set the rel="noopener noreferrer" attribute if target option is set to _blank or #

eliotsykes avatar Sep 20 '18 10:09 eliotsykes