keeweb
/
keeweb
mirror of https://github.com/keeweb/keeweb.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,151 Commits 7 Branches 128 Tags 48 MiB
Commit Graph

8 Commits

Author SHA1 Message Date
antelle 84a23e4aea prettier 2019-08-16 23:05:39 +02:00
antelle 9312fd105b improved link security 2019-03-02 17:16:14 +01:00
sainaen 7a99e42bde
Add rel=noreferrer to links in the URL field 
When opened from the webapp, a malicious target page could trigger
navigation in the KeeWeb's tab using `window.opener`.

The proper way to fix this would be using `rel=noopener`, but
unfortunately even the latest versions of IE do not support it.
At the same time `rel=noreferrer`, for historical reasons, implies
`rel=noopener` when used with `target=blank` and is supported
by IE11 (in later versions of Windows 10) and Edge.

More details and examples of the attack
at [Mathias Bynens' website](https://mathiasbynens.github.io/rel-noopener/).
 2017-07-24 23:50:42 +03:00
antelle 782488f8fa removed 'use script' 2017-04-08 18:31:38 +02:00
antelle a77f61cc5d var => let 2017-01-31 07:50:28 +01:00
Antelle 37183ed978 fix #68: url display without http 2016-01-13 21:00:22 +03:00
Antelle f1d7cab271 fix #20: default http:// for urls without protocol 2015-11-07 23:49:48 +03:00
Antelle 3fb3db9365 import 2015-10-18 00:49:24 +03:00