izeren-amzn commented on pull request #4212: URL: https://github.com/apache/zeppelin/pull/4212#issuecomment-913746575
Hi @zjffdu, since Philipp is busy, could you please have a look at this PR?

Short summary: There is an issue with a vulnerability caused by links with target="_blank": https://owasp.org/www-community/attacks/Reverse_Tabnabbing

It can be addressed by adding rel="noopener noreferrer" to the links: https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#tabnabbing

I have applied this fix to all the links apart from the Angular-rendered ones. For Angular-rendered links, the more general solution can be applied (https://coryrylan.com/blog/managing-external-links-safely-in-angular), but before I do this workaround, I would like to confirm it with the maintainers.
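One way to apply the fix described in the comment across static HTML templates, as an added example that is not code from the PR or from Zeppelin: the function name `hardenLinks` and the sample markup are constructed for illustration. The regex scan assumes plain static markup, so links rendered dynamically by Angular are out of its scope.

```javascript
// Added example: find <a target="_blank"> tags whose rel lacks noopener/noreferrer
// and rewrite them. Regex-based template audit, not a full HTML parser.
const REQUIRED = ['noopener', 'noreferrer'];

// Opening <a ...> tag; quoted attribute values may contain '>'.
const ANCHOR_TAG = /<a(\s(?:[^>"']|"[^"]*"|'[^']*')*)>/gi;

// Return { raw, value } for an attribute, or null if it is absent.
function getAttr(attrs, name) {
  const re = new RegExp(
    `(?:^|\\s)${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, 'i');
  const m = re.exec(attrs);
  return m ? { raw: m[0], value: m[1] ?? m[2] ?? m[3] } : null;
}

function hardenLinks(html) {
  const findings = [];
  const fixed = html.replace(ANCHOR_TAG, (tag, attrs) => {
    const target = getAttr(attrs, 'target');
    if (!target || target.value.toLowerCase() !== '_blank') return tag;

    const rel = getAttr(attrs, 'rel');
    const tokens = rel ? rel.value.split(/\s+/).filter(Boolean) : [];
    const present = tokens.map((t) => t.toLowerCase());
    const missing = REQUIRED.filter((t) => !present.includes(t));
    if (missing.length === 0) return tag; // already safe

    findings.push({ tag, missing });
    // Keep existing rel tokens (e.g. nofollow) and append the missing ones.
    const newRel = ` rel="${[...tokens, ...missing].join(' ')}"`;
    const newAttrs = rel ? attrs.replace(rel.raw, () => newRel) : attrs + newRel;
    return tag.slice(0, 2) + newAttrs + '>';
  });
  return { fixed, findings };
}

// Constructed sample markup (not taken from the Zeppelin code base).
const SAMPLE = [
  '<a href="https://example.org/docs" target="_blank">docs</a>',
  '<a target="_blank" rel="nofollow" href="https://example.org/a">a</a>',
  '<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">b</a>',
  '<a href="/internal">same tab</a>',
].join('\n');

const report = hardenLinks(SAMPLE);
console.log(report.findings.length + ' link(s) rewritten');
console.log(report.fixed);
```

Running it a second time over its own output reports no findings, which makes it usable as a CI check on template files.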