You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The text was updated successfully, but these errors were encountered:
JonDevOps
changed the title
How and were should I add this javascript snippet to the index.html file
How and were should I add this javascript snippet to the index.html file to fix a vuln
Aug 22, 2018
JonDevOps
changed the title
How and were should I add this javascript snippet to the index.html file to fix a vuln
How and were should I add this javascript snippet to the index.html file to fix a vulnerability
Aug 22, 2018
JonDevOps
changed the title
How and were should I add this javascript snippet to the index.html file to fix a vulnerability
How/where should I add this js code to the index.html file to fix a vulnerability?
Aug 22, 2018
JonDevOps
changed the title
How/where should I add this js code to the index.html file to fix a vulnerability?
How/where do I add this js code to index.html to fix a vulnerability?
Aug 22, 2018
JonDevOps
changed the title
How/where do I add this js code to index.html to fix a vulnerability?
How/where do I add this js code to index.html to fix this vulnerability?
Aug 22, 2018
We're not using window.open but if we do use it in JavaScript then we need to add the second line. I don't think we have to add an event listener for window open but that could also fix it if i understand correctly. I'm still not clear on the impact of these attacks because it relies on either the site you're linking to or from. Also i thought Google Chrome put each tab in its own process (i must've been wrong about that or there's a special privilege granted to new tabs started from a link, maybe in how the process forks a new one?)
Here is the code:
var newWnd = window.open();
newWnd.opener = null;
Every time you open a new window via window.open(); you're also "vulnerable" to this, so this code will always reset the "opener" property
I am addig this to fix a security vulnerability cause by target="_blank"
For more info see: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
For more info about this vuln see: https://developers.google.com/web/tools/lighthouse/audits/noopener
The text was updated successfully, but these errors were encountered: