Security Issue: "_blank" rel="noopener noreferrer"
complete
h
hope semper
Recently in the update 4.7.4 wordpress added an option to the target="_blank" because a vulnerability in their editor tinymc adding rel="noopener noreferrer" by default when _blank was selected
anyone can hack your system with the window.opener vulnerability
as far we use ux-builder and not tinymce was good to change by default
UX Themes
Thanks, great post!
h
hope semper
UX Themes: Thanks :-) ..... I hope that even is marked as complete they fix it
UX Themes
hope semper: I'm pretty sure when Tommy labels as "complete", it's implemented/fixed for the next version.
Tommy Jacobs Vedvik
complete
Tommy Jacobs Vedvik
Thanks for the heads up :) This is more related to WordPress. UX Builder uses the default WordPress tinymce editor.
h
hope semper
Tommy Jacobs Vedvik: Hi, I don't think so... if I use a New Window for any link ux-builder don't add noopener... but if I use the regular editor wordpress add that option... so, the vulnerability is still there :-( ... for any link to new windows with flatsome ux-builder
h
hope semper
Tommy Jacobs Vedvik: I don't mean with the text-editor option of ux-builder... I mean with the new-window option of buttons, etc,...
Tommy Jacobs Vedvik
hope semper: Ah, now I understand. We'll add rel="noopener noreferrer" to target="_blank" links
h
hope semper
Tommy Jacobs Vedvik: Thanks :-)
h
hope semper
the vulnerability has the name: reverse tabnabbing
btw someone want to learn more about