Merge pull request #337 from ArtemBernatskyy/patch-1

Fixed security issue in demo (Reverse Tabnabbing)
cure53 · May 15, 2019 · 7601c33 · 7601c33
2 parents f4c22d6 + e7b3376
commit 7601c33
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/demos/hooks-target-blank-demo.html b/demos/hooks-target-blank-demo.html
@@ -32,6 +32,8 @@
                 // set all elements owning target to target=_blank
                 if ('target' in node) {
                     node.setAttribute('target','_blank');
+                    // prevent https://www.owasp.org/index.php/Reverse_Tabnabbing
+                    node.setAttribute('rel', 'noopener noreferrer');
                 }
                 // set non-HTML/MathML links to xlink:show=new
                 if (!node.hasAttribute('target')