All links should include rel="noopener noreferrer" #569

tbarbugli · 2020-10-12T19:44:31Z

Links are converted to HTML anchor tags.

For example doyensec.com is converted to doyensec.com. As no rel attribute is present, it is possible for the website opened in the new tab (i.e. doyensec.com) to redirect the opener tab (i.e. bevybevy.com) to an arbitrary location.

Reproduction Steps

Create an HTML file with the following content:
<script>window.opener.location.href="https://doyensec.com";</script>
Host the HTML file on an HTTP server (i.e. http://attacker.com/exploit.html)
Send in a streaming chat the link to the HTML file (i.e. http://attacker.com/exploit.html)
Click on the link in the chat
Go back to the previous tab
Notice the tab has been redirected to https://doyensec.com

Remediation
Add the rel="noopener" attribute to anchor tags. This attribute prevents "child" tabs to access the window.opener object.

Resources
• https://owasp.org/www-community/attacks/Reverse_Tabnabbing
• https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types/noopener

gz#6585

The text was updated successfully, but these errors were encountered:

tbarbugli added the bug Something isn't working label Oct 12, 2020

tbarbugli assigned mahboubii Oct 12, 2020

mahboubii added a commit that referenced this issue Oct 12, 2020

fix #569: add nofollow noreferrer noopener to links markdown

9492763

mahboubii closed this as completed in 993e5ef Oct 13, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

All links should include rel="noopener noreferrer" #569

All links should include rel="noopener noreferrer" #569

tbarbugli commented Oct 12, 2020 •

edited by shodgetts

Loading

All links should include rel="noopener noreferrer" #569

All links should include rel="noopener noreferrer" #569

Comments

tbarbugli commented Oct 12, 2020 • edited by shodgetts Loading

tbarbugli commented Oct 12, 2020 •

edited by shodgetts

Loading