darkwire / darkwire.io

End-to-end encrypted instant web chat
https://darkwire.io
MIT License

[Security] Missing rel=noreferrer and rel=noopener in links #46

Closed Mickael-van-der-Beek closed 7 years ago

Mickael-van-der-Beek commented 7 years ago

When a user sends a message containing a URL, Darkwire transforms the URL into an HTML anchor tag with an href link to the URL in question using the Autolinker module.

This creates two important security vulnerabilities.

When a user clicks on a link sent by another user in the same chat room, the request made by the browser to fetch the resource referenced by the URL will contain a Referrer header whose value will be the chatroom's full URL.

This creates an issue where the administrator of any website that a Darkwire user browsed to can just look up the Darkwire chatroom URL in the Referrer header of his server logs.

Since anchor tags created by Autolinker contain a target=_blank attribute, users clicking on this link will be vulnerable to tab-jacking attacks.

More details can be found in this blog post: https://mathiasbynens.github.io/rel-noopener/
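As an added example (not darkwire's code and not the Autolinker module's fix), here is a check-and-harden pass that could run over autolinker output before it is inserted into the chat DOM: it reports anchors that open a new window without `noopener`/`noreferrer`, and rewrites every anchor so its `rel` carries both tokens while keeping any tokens already present. The sample HTML and the minimal attribute parser are constructed for this illustration; production code should use a real HTML parser or DOM APIs rather than regexes.

```javascript
// Added example, not darkwire's code. Audits and hardens <a> tags in an HTML
// string such as the one an autolinking step produces for a chat message.
const REQUIRED_REL = ['noopener', 'noreferrer'];

// Minimal attribute parser (constructed for this example): handles name="v",
// name='v', name=v and bare names. A real implementation should use a DOM parser.
function parseAttrs(attrText) {
  const attrs = new Map();
  const re = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs.set(m[1].toLowerCase(), m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

function relTokens(attrs) {
  return (attrs.get('rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
}

// Detection: anchors with target=_blank that lack noopener or noreferrer
// (the tab-jacking case); each finding lists the missing tokens.
function findUnsafeAnchors(html) {
  const unsafe = [];
  for (const m of html.matchAll(/<a\b([^>]*)>/gi)) {
    const attrs = parseAttrs(m[1]);
    const opensNewWindow = (attrs.get('target') || '').toLowerCase() === '_blank';
    const missing = REQUIRED_REL.filter((t) => !relTokens(attrs).includes(t));
    if (opensNewWindow && missing.length > 0) unsafe.push({ tag: m[0], missing });
  }
  return unsafe;
}

// Mitigation: add noopener and noreferrer to every anchor (noreferrer also stops
// the Referrer leak for links that do not open a new window), preserving
// existing rel tokens such as "nofollow".
function hardenAnchors(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    const rel = new Set(relTokens(attrs));
    REQUIRED_REL.forEach((t) => rel.add(t));
    attrs.set('rel', [...rel].join(' '));
    return `<a ${[...attrs].map(([k, v]) => `${k}="${v}"`).join(' ')}>`;
  });
}

// Constructed sample of autolinker-style output for one chat message.
const SAMPLE = 'see <a href="https://example.com/page" target="_blank">example.com/page</a> and ' +
  '<a href="https://example.org" target="_blank" rel="nofollow">example.org</a>';
```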

seripap commented 7 years ago

Fixed in v1.5.8