ghost
commented
5 years ago i add your pseudo to do a notification :) @mlgualtieri
Closed ghost closed 5 years ago
ghost
commented
5 years ago i add your pseudo to do a notification :) @mlgualtieri
mlgualtieri
commented
5 years ago Sure, this edit is OK. I'm not doing anything nefarious on the vulnerability tester page, so technically it's not needed, but the more trust the code can build the better. I'll merge it in and include it in the next release. Thanks!
mlgualtieri
commented
5 years ago FYI - Just a slight modification on your pull, the quotes around the rel params appeared to be unicode. I edited to the regular " char.
I propose this change because it is currently recommended to add rel=”noreferrer noopener” as soon as a link calls for a blank to fill a security breach
I do not know what are the consequences of not putting it in an extension so for security I propose added them
More info about noreferrer and noopener on GHack : https://www.ghacks.net/2017/01/24/web-security-add-relnoopener-to-external-links/