kefranabg/readme-md-generator

Include rel=”noopener” on links to improve security

Open

#209 opened on Jul 9, 2020

View on GitHub
 (1 comment) (0 reactions) (0 assignees)JavaScript (1,349 forks)batch import
feature requestgood first issue

Repository metrics

Stars
 (10,735 stars)
PR merge metrics
 (No merged PRs in 30d)

Description

I would like to include in the templates/default.md file (compatible with HTML) the tag rel = "noopener noreferrer" inside the links . To do this, it will also be necessary to modify the links on "src/snapshots/readme.spec.js.snap" file, as I found testing in a local environment.

This modification increases the security of this generator's links. The vulnerability has been described in detail here: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

I believe that, at first, you may think that this would only represent a risk for the github itself. However, I realized that this could get worse because I am developing a small React app as a bootcamp exercise, and this app uses the Github API to receive information from profiles and repositories. When capturing this information, it saves it in a database and publishes it. In other words: the url of our sites is vulnerable.

Contributor guide