
Links to cross-origin destinations are unsafe

Open vinitshahdeo opened this issue 5 years ago • 4 comments

<a class="nav-link" target="_blank" href="//store.publiclab.org" >

When you link to a page on another site using the target="_blank" attribute, you can expose your site to performance and security issues:

  • The other page may run on the same process as your page. If the other page is running a lot of JavaScript, your page's performance may suffer.

  • The other page can access your window object with the window.opener property. This may allow the other page to redirect your page to a malicious URL.

Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.

noreferrer: It is used to specify that the browser should not send an HTTP referer header if the user follows the hyperlink.

vinitshahdeo avatar Jan 31 '20 18:01 vinitshahdeo

I would like to work on this issue. This should be done for every link tag with target="_blank" attribute, right?

sakshi-2412 avatar Jan 30 '22 07:01 sakshi-2412

@govindgoel can you confirm please. Thanks!

sakshi-2412 avatar Jan 31 '22 05:01 sakshi-2412

@sakshi-2412 I think we can check if it is done before or not else work on this. Thanks

govindgoel avatar Feb 01 '22 06:02 govindgoel

Yes I checked, and rel="noreferrer" is not added for almost all of the link tags with target="_blank" attribute. I'll make a PR soon. Thanks ✨

sakshi-2412 avatar Feb 02 '22 06:02 sakshi-2412
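
The check discussed in this thread (finding every link tag with target="_blank" that has no rel="noopener" or rel="noreferrer") can be automated. The Ruby script below is an added example, not code from the issue or from the plots2 repository; the function names and the sample markup are hypothetical, and it assumes raw `<a>` tags in HTML or ERB source, not links generated by helper methods.

```ruby
# Added example (not from the plots2 repository): audit raw <a> tags in
# HTML/ERB source for target="_blank" without rel="noopener"/"noreferrer".

# Quoted values are matched as units, so a ">" inside one (ERB) does not end the tag.
ANCHOR_TAG = /<a\b(?:"[^"]*"|'[^']*'|[^>"'])*>/i
ATTR = /([a-zA-Z_:][-\w:.]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/

# Returns { "name" => "value" }; names are lowercased, the first duplicate wins.
def parse_attrs(tag)
  body = tag.sub(/\A<a\b/i, '').sub(%r{/?>\z}, '')
  body.scan(ATTR).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] ||= dq || sq || bare || ''
  end
end

# Returns one { line:, href: } hash per unprotected target="_blank" anchor.
def unsafe_blank_links(html)
  findings = []
  pos = 0
  while (m = ANCHOR_TAG.match(html, pos))
    pos = m.end(0)
    attrs = parse_attrs(m[0])
    next unless attrs['target'].to_s.strip.casecmp?('_blank')

    # rel is a space-separated token list; other tokens (nofollow) do not help.
    rel = attrs['rel'].to_s.downcase.split
    next if rel.include?('noopener') || rel.include?('noreferrer')

    findings << { line: html[0, m.begin(0)].count("\n") + 1, href: attrs['href'] }
  end
  findings
end

# Constructed sample input; only the first tag is taken from the issue.
SAMPLE = <<~HTML
  <a class="nav-link" target="_blank" href="//store.publiclab.org" >Store</a>
  <a href="https://example.org/a" target="_blank" rel="noopener">ok</a>
  <a href='https://example.org/b' TARGET='_blank' rel="nofollow">no noopener</a>
  <a href="<%= wiki.path %>" target="_blank"
     rel="noreferrer">multi-line tag, ERB in a quoted value</a>
  <a href="/about">same tab</a>
  <abbr target="_blank">not an anchor</abbr>
HTML

if __FILE__ == $PROGRAM_NAME
  unsafe_blank_links(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:href]}" }
end
```

Current browsers treat target="_blank" as implying noopener by default, so the explicit attribute mainly protects users on older clients; the audit is still useful as a CI gate to keep templates consistent.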