Skip to content

Commit 8657ad4

Browse files
author
John Wilson
authored
Fix(React DevTools) - prevent phishing attacks (facebook#19934)
When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus "window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.
1 parent 91d2b6e commit 8657ad4

File tree

1 file changed

+1
-0
lines changed

1 file changed

+1
-0
lines changed

packages/react-devtools/app.html

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -121,6 +121,7 @@
121121
id="rn-help-link"
122122
class="link"
123123
target="_blank"
124+
rel="noopener noreferrer"
124125
href="https://reactnative.dev/docs/debugging#accessing-the-in-app-developer-menu"
125126
>in-app developer menu</a> to connect.
126127
</div>

0 commit comments

Comments
 (0)