You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
harden: add rel="noopener noreferrer" to external target="_blank" links
Links opened with target="_blank" but no rel give the opened page
window.opener access (reverse-tabnabbing) and leak a referrer. Add
rel="noopener noreferrer" to every external target="_blank" link that
lacked a rel (mechanical, no behavioral change). Notably covers the
TonieboxCard link built from server-provided box IP.
Fixes#308
0 commit comments