Security issue caused by target=”_blank”, one liner change proposal | WordPress.org

milan.latinovic
(@milanlatinovic)

4 years, 2 months ago
Hi,

Firstly, thank you for a great plugin, it works really nice.

However, we were running a security test and it got triggered on target=”_blank” instances. In your plugin you have class-author-bio-box-frontend.php file, line 96.

$html .= ‘<a target=”_blank” rel=”nofollow noopener noreferrer” href=”‘ . esc_url(

Could you change it to target=”external” and make this a bit more safer!

$html .= ‘<target=”external” rel=”nofollow noopener noreferrer” href=”‘ . esc_url(

We already hardcoded changes locally (monkey patch) but it would be nice to have this one liner change within next versions of plugin! It will also result in higher security score for the plugin itself.

Kind regards,
Milan
- This topic was modified 4 years, 2 months ago by milan.latinovic.

The topic ‘Security issue caused by target=”_blank”, one liner change proposal’ is closed to new replies.

Tags

proposal

In: Plugins
0 replies
1 participant
Last reply from: milan.latinovic
Last activity: 4 years, 2 months ago
Status: not resolved