How/where do I add this js code to index.html to fix this vulnerability? #75

Closed
JonDevOps opened this issue Aug 22, 2018 · 1 comment

JonDevOps commented Aug 22, 2018

Here is the code:
```js
var newWnd = window.open();
newWnd.opener = null;
```

Every time you open a new window via window.open(); you're also "vulnerable" to this, so this code will always reset the "opener" property.

I am adding this to fix a security vulnerability caused by target="_blank".
For more info see: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

For more info about this vuln see: https://developers.google.com/web/tools/lighthouse/audits/noopener

@hannahpi

We're not using window.open, but if we do use it in JavaScript then we need to add the second line. I don't think we have to add an event listener for window open, but that could also fix it if I understand correctly. I'm still not clear on the impact of these attacks because it relies on either the site you're linking to or from. Also, I thought Google Chrome put each tab in its own process (I must've been wrong about that, or there's a special privilege granted to new tabs started from a link, maybe in how the process forks a new one?)
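
Added example, not part of the thread and not the project's code: one way to cover both cases raised above from a script included in index.html, by adding `rel="noopener noreferrer"` to existing `target="_blank"` links and wrapping `window.open` so `opener` is cleared. The function names `hardenRel`, `hardenBlankLinks` and `openDetached` are hypothetical.

```javascript
// Added example; function names are hypothetical, not from the project.

// Return a rel value that contains noopener and noreferrer, keeping any
// tokens that were already present (for example "nofollow").
function hardenRel(rel) {
  const tokens = (rel || "").split(/\s+/).filter(Boolean);
  for (const needed of ["noopener", "noreferrer"]) {
    if (!tokens.some((t) => t.toLowerCase() === needed)) tokens.push(needed);
  }
  return tokens.join(" ");
}

// Patch every link under `root` that opens a new tab or window.
// Returns how many elements had their rel attribute changed.
function hardenBlankLinks(root) {
  const nodes = root.querySelectorAll('a[target="_blank"], area[target="_blank"]');
  let changed = 0;
  for (const el of nodes) {
    const before = el.getAttribute("rel");
    const after = hardenRel(before);
    if (after !== before) {
      el.setAttribute("rel", after);
      changed++;
    }
  }
  return changed;
}

// The two lines from the issue, plus the case where a popup blocker
// makes window.open return null (the original would throw there).
function openDetached(url, win) {
  const w = win.open(url, "_blank");
  if (w) w.opener = null;
  return w;
}

// In a browser, patch the page once the DOM is parsed. Skipped elsewhere.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => hardenBlankLinks(document));
}
```

Links inserted into the page after `DOMContentLoaded` are not covered by the one-time pass; call `hardenBlankLinks` again on the container they were added to.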
