Skip to content

Commit

Permalink
Fix(React DevTools) - prevent phishing attacks (facebook#19934)
Browse files Browse the repository at this point in the history
When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus "window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.
  • Loading branch information
John Wilson authored and koto committed Jun 15, 2021
1 parent 3545e47 commit d3d4bc0
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions packages/react-devtools/app.html
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@
id="rn-help-link"
class="link"
target="_blank"
rel="noopener noreferrer"
href="https://reactnative.dev/docs/debugging#accessing-the-in-app-developer-menu"
>in-app developer menu</a> to connect.
</div>
Expand Down

0 comments on commit d3d4bc0

Please sign in to comment.