rspec/rules/S5148/comments-and-links.adoc

=== on 11 Jan 2019, 10:51:35 Alexandre Gigleux wrote:
Discussion to make ``++window.opener++`` "null" by default when using ``++_blank++``: \https://github.com/whatwg/html/issues/4078
=== on 11 Jan 2019, 10:52:03 Alexandre Gigleux wrote:
https://github.com/snoopysecurity/Noopener-Burp-Extension
https://dev.to/ben/the-targetblank-vulnerability-by-example
https://snoopysecurity.github.io/webappsec/2018/04/26/target_blank_vulnerability.html
=== on 8 Aug 2019, 15:06:49 Tibor Blenessy wrote:
\[~alexandre.gigleux] [~nicolas.harraudeau], do we want this rule to be in the default profile?
=== on 8 Aug 2019, 15:15:25 Alexandre Gigleux wrote:
Yes, it should be enabled by default. This is the way to not be vulnerable, there is no reason to not follow this recommendation. I updated the RSPEC accordingly.