Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix - prevent phishing attacks #19934

Merged
merged 1 commit into from
Oct 1, 2020
Merged

Fix - prevent phishing attacks #19934

merged 1 commit into from
Oct 1, 2020

Commits on Sep 30, 2020

  1. Fix - prevent phishing attacks 

    When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus "window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.
    John Wilson committed Sep 30, 2020
    Configuration menu
    Copy the full SHA
    42c0198 View commit details
    Browse the repository at this point in the history