Closed
Description
Reposting microsoft/tslint-microsoft-contrib#293 here:
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
If you use window.open then you must do this:
let newWnd = window.open();
newWnd.opener = null;
For example, Monaco has to any
cast around this:
However, opener
is marked as readonly
. It should not be.
Metadata
Metadata
Assignees
Labels
No labels