18 lines
807 B
Plaintext
18 lines
807 B
Plaintext
|
=== On 2019-01-11T10:51:35Z Alexandre Gigleux Wrote:
|
|||
|
|
Discussion to make ``++window.opener++`` "null" by default when using ``++_blank++``: \https://github.com/whatwg/html/issues/4078
|
|||
|
|
|
|||
|
|
=== On 2019-01-11T10:52:03Z Alexandre Gigleux Wrote:
|
|||
|
|
https://github.com/snoopysecurity/Noopener-Burp-Extension
|
|||
|
|
|
|||
|
|
|
|||
|
|
https://dev.to/ben/the-targetblank-vulnerability-by-example
|
|||
|
|
|
|||
|
|
https://snoopysecurity.github.io/webappsec/2018/04/26/target_blank_vulnerability.html
|
|||
|
|
|
|||
|
|
=== On 2019-08-08T15:06:49Z Tibor Blenessy Wrote:
|
|||
|
|
\[~alexandre.gigleux] [~nicolas.harraudeau] , do we want this rule to be in default profile?
|
|||
|
|
|
|||
|
|
=== On 2019-08-08T15:15:25Z Alexandre Gigleux Wrote:
|
|||
|
|
Yes, it should be enabled by default. This is the way to not be vulnerable, there is no reason to not follow this recommendation. I updated the RSPEC accordinly.
|
|||
|
|
|