error Using target="_blank" without rel="noopener noreferrer" is a security risk: see https://mathiasbynens.github.io/rel-noopener react/jsx-no-target-blank
Background
Today eslint reports an error when I introduce eslint-plugin-react
Why
Opening a new tab/window, either by hyperlinks (i.e. <a> tag with target attribute set to _blank) or programmatically calling window.open, will grant the newly-opened tab/window access back to the originating tab/window via window.opener. Therefore, the newly opened tab/window can then change the window.opener.location to redirect to the phishing page in the background, or execute some JavaScript on the opener-page on your behalf.
How to fix
Add rel="noopener" to outgoing links. E.g.
noopener in window features
opener property
Note: this technique is subject to Same Origin Policy
Reference
Notice
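The three fixes listed under "How to fix", sketched as an added example (not code from the issue or from eslint-plugin-react). The names `hardenRel`, `hardenLinks` and `safeOpen` are hypothetical, and the `win` parameter is an assumption made so the helper can run outside a browser.

```javascript
// Added example; helper names are hypothetical, not part of any library.

// Return a rel value containing noopener and noreferrer, keeping any
// tokens the author already set (for example "nofollow").
function hardenRel(rel) {
  const tokens = new Set((rel || '').toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add('noopener');
  tokens.add('noreferrer');
  return [...tokens].join(' ');
}

// Fix 1: patch every <a target="_blank"> under `root` (a Document or Element).
// Returns the number of links whose rel attribute was changed.
function hardenLinks(root) {
  let changed = 0;
  for (const a of root.querySelectorAll('a[target="_blank"]')) {
    const before = a.getAttribute('rel') || '';
    const after = hardenRel(before);
    if (after !== before) {
      a.setAttribute('rel', after);
      changed += 1;
    }
  }
  return changed;
}

// Fixes 2 and 3: open a URL without handing the new page a usable opener.
// `win` is the window object, passed in explicitly (an assumption of this
// example) so the function can be exercised with a stand-in object.
function safeOpen(win, url) {
  // Fix 2: request noopener through the window features string.
  const child = win.open(url, '_blank', 'noopener,noreferrer');
  // With noopener honoured, open() returns null and there is nothing to do.
  // Fix 3: if a handle still comes back, reset its opener property right
  // away; as the issue notes, this is subject to Same Origin Policy.
  if (child) {
    child.opener = null;
  }
  return child;
}
```

In a browser, call `hardenLinks(document)` after rendering and use `safeOpen(window, url)` in place of a bare `window.open(url)`.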