id

150

title
check use of target="_blank"
reporter
Goffi
created
10/09/2016, 11:24
updated
10/09/2016, 11:24
labels
Libervia
type
bug
status
queued
priority
normal
milestone
0.7
severity
major
body

target="_blank" can lead to a phishing issue by changing the originating page, cf. this article: https://dev.to/ben/the-targetblank-vulnerability-by-example This should be checked in external HTML in Libervia (or directly in the backend: check that target is not an allowed attribute).

comments_uri
xmpp:pubsub.goffi.org?;node=urn%3Axmpp%3Amicroblog%3A0%3Acomments%2Forg.salut-a-toi.tickets%3A0_150
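
One way to run the check the ticket asks for, as an added example that is not part of the ticket or of Libervia's code: a standard-library audit that lists elements in external HTML whose target attribute can open a new browsing context without rel="noopener" or rel="noreferrer". The function name, the tag set and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Elements on which "target" selects the browsing context to navigate.
TARGET_TAGS = {"a", "area", "form"}
# Targets that reuse an existing context and so create no new opener link.
SAME_CONTEXT = {"", "_self", "_parent", "_top"}
# Either rel token severs window.opener (noreferrer implies noopener).
SAFE_REL = {"noopener", "noreferrer"}


class TargetAudit(HTMLParser):
    """Collect elements that may hand window.opener to the linked page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in TARGET_TAGS:
            return
        # HTMLParser lowercases attribute names; valueless attributes give None.
        attrs = {name: (value or "") for name, value in attrs}
        target = attrs.get("target", "").strip().lower()
        if target in SAME_CONTEXT:
            return
        rel_tokens = set(attrs.get("rel", "").lower().split())
        if rel_tokens & SAFE_REL:
            return
        url = attrs.get("href") or attrs.get("action") or ""
        line, _column = self.getpos()
        self.findings.append((line, tag, url, target))


def audit_html(markup):
    """Return (line, tag, url, target) for each element needing a fix."""
    parser = TargetAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample input, standing in for HTML received from a contact.
SAMPLE = """<p>
<a href="https://example.org/a" target="_blank">unsafe</a>
<a href="https://example.org/b" target="_blank" rel="nofollow noopener">ok</a>
<a href="https://example.org/c" TARGET="popup">named window</a>
<a href="/local" target="_self">same tab</a>
<form action="https://example.org/f" target="_blank"></form>
</p>"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print("line %d: <%s> %s target=%s" % finding)
```

An empty result means the markup either carries no context-opening target or already pairs it with a safe rel token; a sanitizer that drops target from its allowed attributes reaches the same state by construction.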
