[jira] [Created] (ZEPPELIN-5395) External links vulnerable to tabnabbing

Danny Cranmer (Jira) Fri, 28 May 2021 06:29:10 -0700

Danny Cranmer created ZEPPELIN-5395:
---------------------------------------


             Summary: External links vulnerable to tabnabbing
                 Key: ZEPPELIN-5395
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-5395
             Project: Zeppelin
          Issue Type: Improvement
            Reporter: Danny Cranmer
            Assignee: Danny Cranmer


*Problem*
Anchor links that launch new tabs using {{target="_blank"}} are vulnerable to 
[tab nabbing|https://owasp.org/www-community/attacks/Reverse_Tabnabbing]

*Solution*
Add {{rel="noopener noreferrer"}} to the anchor links 
(https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#tabnabbing)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ZEPPELIN-5395) External links vulnerable to tabnabbing

Reply via email to