From abca69f4085f7b21c1b58c17565afd8ebdc5990c Mon Sep 17 00:00:00 2001 From: Andrey Antukh Date: Mon, 15 Nov 2021 16:22:31 +0100 Subject: [PATCH] :bug: Fix tab reuse issue (viewer <-> workspace). --- frontend/src/app/util/dom.cljs | 10 ++++++---- frontend/src/app/util/router.cljs | 3 ++- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/frontend/src/app/util/dom.cljs b/frontend/src/app/util/dom.cljs index 82a94e0ed6..7a4f93499a 100644 --- a/frontend/src/app/util/dom.cljs +++ b/frontend/src/app/util/dom.cljs @@ -411,13 +411,15 @@ (let [event (.-nativeEvent ^js bevent)] (= 1 (.-which event)))) +;; Warning: need to protect against reverse tabnabbing attack +;; https://www.comparitech.com/blog/information-security/reverse-tabnabbing/ (defn open-new-window ([uri] - (open-new-window uri "_blank")) + (open-new-window uri "_blank" "noopener,noreferrer")) ([uri name] - ;; Warning: need to protect against reverse tabnabbing attack - ;; https://www.comparitech.com/blog/information-security/reverse-tabnabbing/ - (.open js/window (str uri) name "noopener,noreferrer"))) + (open-new-window uri name "noopener,noreferrer")) + ([uri name features] + (.open js/window (str uri) name features))) (defn browser-back [] diff --git a/frontend/src/app/util/router.cljs b/frontend/src/app/util/router.cljs index 27bfe4374f..3bbe5eeec8 100644 --- a/frontend/src/app/util/router.cljs +++ b/frontend/src/app/util/router.cljs @@ -117,9 +117,10 @@ (effect [_ state _] (let [router (:router state) path (resolve router rname path-params query-params) + name (or name "_blank") uri (-> (u/uri cfg/public-uri) (assoc :fragment path))] - (dom/open-new-window (str uri) name))))) + (dom/open-new-window uri name nil))))) (defn nav-back []