Fix the target="_blank" vulnerability

Request new functionality here
jdecool
Bear Rating Trainee
Bear Rating Trainee
Posts: 1
Joined: 08 Feb 2017, 09:46

Fix the target="_blank" vulnerability

Postby jdecool » 08 Feb 2017, 09:55

The application seems to be vulnerable to the target="_blank" vulnerability by example (https://dev.to/ben/the-targetblank-vulnerability-by-example).

I want to make a patch to fix this issue.

I will patch the include/functions2.php file and update the usage of

Code: Select all

window.open


Is it possible to have developer right on the project (my username is the same "jdecool") ?

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Fix the target="_blank" vulnerability

Postby fox » 08 Feb 2017, 10:09

sure

the links are already rewritten with rel=noreferrer so you really only need to update the window.open in javascript, i think


Return to “Feature requests”

Who is online

Users browsing this forum: No registered users and 6 guests