Danny Cranmer created ZEPPELIN-5395:
---------------------------------------
Summary: External links vulnerable to tabnabbing
Key: ZEPPELIN-5395
URL: https://issues.apache.org/jira/browse/ZEPPELIN-5395
Project: Zeppelin
Issue Type: Improvement
Reporter: Danny Cranmer
Assignee: Danny Cranmer
*Problem*
Anchor links that launch new tabs using {{target="_blank"}} are vulnerable to
[tab nabbing|https://owasp.org/www-community/attacks/Reverse_Tabnabbing]
*Solution*
Add {{rel="noopener noreferrer"}} to the anchor links
(https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html#tabnabbing)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
