merkle-open / prevent-window-opener-attacks Goto Github PK
View Code? Open in Web Editor NEWPrevent window.opener attacks for blank links
Home Page: https://merkle-open.github.io/prevent-window-opener-attacks/
License: MIT License
Prevent window.opener attacks for blank links
Home Page: https://merkle-open.github.io/prevent-window-opener-attacks/
License: MIT License
'Marcos Imbuerger' described the underlying issue very well back in 2019. Since the beginning of 2021 this bug seems to bo fixed for modern browsers as pointed out on Stackoverflow with reference to chromestatus.com. The target=_blank Anchor does imply rel=noopener in all modern browsers by default. Quote: "All current versions of major browsers" now automatically fix this issue by automatically adding the behavior of rel="noopener" for any target="_blank" link. The new browser behaviour will be nullifying this issue.
The example links were not moved to the new project
Hello! Nice work on your library here. I wanted to let you know that I used your github page as a way to test an internal tool I am developing as well for window.opener. I found a bug around safari that I wanted to let you know about. It turns out that setting window.opener = null
(which is also the same in my current implementation) does not actually work if the new window is a different origin. In fact when you do call window.opener = null
in this scenario you get an error in the console TypeError: null is not an object
Which I think is actually a red-herring error. I think it's actually hiding a cross origin security error.
So with that, we both have a bug, and I am not sure what the solution looks like yet. Will let you know if I get a good answer
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.