izeren-amzn opened a new pull request #4212:
URL: https://github.com/apache/zeppelin/pull/4212


   ### What is this PR for?
   Anchor links that launch new tabs using target="_blank" are vulnerable to tab nabbing
   see: https://owasp.org/www-community/attacks/Reverse_Tabnabbing
   
   ### What type of PR is it?
   Improvement
   
   ### Todos
   * Add rel="noopener noreferrer" to the anchor links (https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#tabnabbing)
   
   ### What is the Jira issue?
   https://issues.apache.org/jira/browse/ZEPPELIN-5395
   
   ### How should this be tested?
   Child pages from opened links should not contain referrer info or links to the parent one
   
   ### Screenshots (if appropriate)
   
   ### Questions:
   * Do the license files need an update? 
   No
   * Are there breaking changes for older versions? 
   Content of parent pages will no longer be accessed with back referencing from the child ones
   * Does this need documentation?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
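
The following is an added example, not code from the pull request or from Zeppelin: a small Node.js lint that finds `target="_blank"` anchors in template source that lack the `rel` tokens named in the PR, and repairs them while keeping any existing tokens. The function names and the sample markup are assumptions made for illustration.

```javascript
// Added example: lint/repair target="_blank" anchors in HTML template source.
// Regex-based (no DOM needed in Node); fine for template linting, not a full HTML parser.
const REQUIRED = ['noopener', 'noreferrer'];
// Opening <a ...> tag; quoted attribute values may contain '>'.
const ANCHOR = /<a\s(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;

// Value of attribute `name` in an opening tag's source, or null when absent.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return the tag with rel extended to include every REQUIRED token (existing tokens kept).
function hardenTag(tag) {
  const target = getAttr(tag, 'target');
  if (target === null || target.toLowerCase() !== '_blank') return tag;
  const rel = getAttr(tag, 'rel');
  const tokens = rel === null ? [] : rel.split(/\s+/).filter(Boolean);
  const have = tokens.map((t) => t.toLowerCase());
  const missing = REQUIRED.filter((t) => !have.includes(t));
  if (missing.length === 0) return tag;
  const attr = `rel="${tokens.concat(missing).join(' ')}"`;
  if (rel === null) return `${tag.slice(0, -1)} ${attr}>`; // no rel yet: append it
  return tag.replace(/(\s)rel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, (_, ws) => ws + attr);
}

// Opening tags that open a new tab without the required rel tokens.
function findUnsafeAnchors(html) {
  return (html.match(ANCHOR) || []).filter((tag) => hardenTag(tag) !== tag);
}

// Same markup with every unsafe anchor repaired; already-safe anchors are untouched.
function hardenHtml(html) {
  return html.replace(ANCHOR, (tag) => hardenTag(tag));
}

// Constructed sample markup (not taken from the Zeppelin code base).
const SAMPLE = [
  '<a href="https://example.com/docs" target="_blank">docs</a>',
  '<a target="_blank" rel="nofollow" href="https://example.com/a?x=1>2">a</a>',
  '<a href="https://example.com/ok" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="#local">local</a>',
].join('\n');

console.log(findUnsafeAnchors(SAMPLE));
console.log(hardenHtml(SAMPLE));
```

Run over template files in CI, a non-empty result from `findUnsafeAnchors` can fail the build so new `target="_blank"` links without `rel` do not reappear.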
