Showing content from https://github.com/vuematerial/vue-material/issues/1320 below:
Vulnerability - Components implementing a href attribute to render <a
Skip to content Navigation Menu
Search code, repositories, users, issues, pull requests...
Saved searches Use saved searches to filter your results more quickly
Sign up You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session. Dismiss alert
Vulnerability - Components implementing a href attribute to render <a> tags and accepting the target="_blank" option should implement rel="noopener noreferrer" #1320
Description
e.g. If used as
<md-list-item :href="http://virus.com" target="_blank" rel="noopener noreferrer">A malicious link</md-list-item>
then only the li tag encapsulating the actual a tag is given the attribute. This is a security vulnerability as the opened tab can gain access to the current window.
Metadata Metadata
Assignees
No one assigned
Development
No branches or pull requests Issue actions
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo
| Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4