=== on 11 Jan 2019, 10:51:35 Alexandre Gigleux wrote:
Discussion to make ``++window.opener++`` "null" by default when using ``++_blank++``: \https://github.com/whatwg/html/issues/4078

=== on 11 Jan 2019, 10:52:03 Alexandre Gigleux wrote:
https://github.com/snoopysecurity/Noopener-Burp-Extension

https://dev.to/ben/the-targetblank-vulnerability-by-example

https://snoopysecurity.github.io/webappsec/2018/04/26/target_blank_vulnerability.html

=== on 8 Aug 2019, 15:06:49 Tibor Blenessy wrote:
\[~alexandre.gigleux] [~nicolas.harraudeau], do we want this rule to be in the default profile?

=== on 8 Aug 2019, 15:15:25 Alexandre Gigleux wrote:
Yes, it should be enabled by default. This is the way to not be vulnerable, there is no reason to not follow this recommendation. I updated the RSPEC accordingly.