tomastrajan / angular-ngrx-material-starter

Angular, NgRx, Angular CLI & Angular Material Starter Project
https://tomastrajan.github.io/angular-ngrx-material-starter
MIT License
2.82k stars 919 forks

Added rel="noopener noreferrer" in anchor and alt in image tag #522

Closed Zaky7 closed 4 years ago

Zaky7 commented 4 years ago

What:

1. Added rel="noopener noreferrer"

When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.

To prevent pages from abusing window.opener, use rel=noopener on <a href=> to force its value to be null on the opened pages. With this in place, window.opener is null in Chrome 49+, Opera 36+, Firefox 52+, Desktop Safari 10.1+, and iOS Safari 10.3+. For older browsers, use "noreferrer". Cumulatively, rel="noopener noreferrer" is the safest way to mitigate this vulnerability.

2. Added alt attribute to the image tag

3. Changed all-contributer-html.js to generate safe anchor tag and image element

Issue number: N/A
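An added example, not part of this pull request or the project's code: a check that lists `target="_blank"` anchors missing `noopener` or `noreferrer` in generated HTML and a fixer that adds the missing tokens while keeping any existing `rel` values. The function names and the sample markup are constructed for illustration, and the regex approach assumes machine-generated markup rather than arbitrary HTML.

```javascript
// Audit and harden target="_blank" links in generated HTML (added example).
// Regex-based on purpose: fine for generated markup, not a general HTML parser.
const ANCHOR_OPEN_TAG = /<a(?=[\s>])[^>]*>/gi;
const REQUIRED_REL = ['noopener', 'noreferrer'];

// Read one attribute value (double-quoted, single-quoted or bare) from a tag.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function opensNewTab(tag) {
  const target = getAttr(tag, 'target');
  return target !== null && target.toLowerCase() === '_blank';
}

function missingRelTokens(tag) {
  const tokens = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/).filter(Boolean);
  return REQUIRED_REL.filter((t) => !tokens.includes(t));
}

// Audit: every target="_blank" anchor that lacks a required rel token.
function findUnsafeBlankLinks(html) {
  return (html.match(ANCHOR_OPEN_TAG) || [])
    .filter((tag) => opensNewTab(tag) && missingRelTokens(tag).length > 0);
}

// Fix: add the missing tokens, keeping rel tokens that are already present.
function hardenBlankLinks(html) {
  return html.replace(ANCHOR_OPEN_TAG, (tag) => {
    if (!opensNewTab(tag)) return tag;
    const missing = missingRelTokens(tag);
    if (missing.length === 0) return tag;
    const existing = getAttr(tag, 'rel');
    if (existing === null) return tag.replace(/\s*>$/, () => ` rel="${missing.join(' ')}">`);
    const merged = [...existing.split(/\s+/).filter(Boolean), ...missing].join(' ');
    return tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, () => ` rel="${merged}"`);
  });
}

// Constructed sample markup (not taken from the project).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">unsafe</a>',
  '<a href="https://example.com/b" target="_blank" rel="nofollow">partial</a>',
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="/local">same tab</a>',
].join('\n');
```

Running `findUnsafeBlankLinks` over build output in CI and failing on a non-empty result keeps unsafe links from reappearing after a change like this one.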

tomastrajan commented 4 years ago

@Zaky7 thank you very much for your contribution!

Zaky7 commented 4 years ago

> @Zaky7 thank you very much for your contribution!

@tomastrajan thank you 😄 for your humble reply. Nice project for beginners starting with ngrx and angular material :)