rspec/rules/S5148/comments-and-links.adoc

=== on 11 Jan 2019, 10:51:35 Alexandre Gigleux wrote:
Discussion to make ``++window.opener++`` "null" by default when using ``++_blank++``: \https://github.com/whatwg/html/issues/4078

=== on 11 Jan 2019, 10:52:03 Alexandre Gigleux wrote:
https://github.com/snoopysecurity/Noopener-Burp-Extension


https://dev.to/ben/the-targetblank-vulnerability-by-example

https://snoopysecurity.github.io/webappsec/2018/04/26/target_blank_vulnerability.html

=== on 8 Aug 2019, 15:06:49 Tibor Blenessy wrote:
\[~alexandre.gigleux] [~nicolas.harraudeau] , do we want this rule to be in default profile? 

=== on 8 Aug 2019, 15:15:25 Alexandre Gigleux wrote:
Yes, it should be enabled by default. This is the way to not be vulnerable, there is no reason to not follow this recommendation. I updated the RSPEC accordinly.
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								=== on 11 Jan 2019, 10:51:35 Alexandre Gigleux wrote:
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
+								Discussion to make ``++window.opener++`` "null" by default when using ``++_blank++``: \https://github.com/whatwg/html/issues/4078
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								=== on 11 Jan 2019, 10:52:03 Alexandre Gigleux wrote:
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
+								https://github.com/snoopysecurity/Noopener-Burp-Extension
 								https://dev.to/ben/the-targetblank-vulnerability-by-example
 								https://snoopysecurity.github.io/webappsec/2018/04/26/target_blank_vulnerability.html
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								=== on 8 Aug 2019, 15:06:49 Tibor Blenessy wrote:
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
+								\[~alexandre.gigleux] [~nicolas.harraudeau] , do we want this rule to be in default profile?
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								=== on 8 Aug 2019, 15:15:25 Alexandre Gigleux wrote:
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
+								Yes, it should be enabled by default. This is the way to not be vulnerable, there is no reason to not follow this recommendation. I updated the RSPEC accordinly.