From fe4cab3a9e2254ff31bf3035465611dbd50e71ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Moya?=
Date: Wed, 29 Sep 2021 11:41:29 +0200
Subject: [PATCH] :sparkles: Protect external links
---
 frontend/src/app/util/dom.cljs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/frontend/src/app/util/dom.cljs b/frontend/src/app/util/dom.cljs
index a170481fc5..b6c50eb1b0 100644
--- a/frontend/src/app/util/dom.cljs
+++ b/frontend/src/app/util/dom.cljs
@@ -399,7 +399,9 @@
 ([uri]
 (open-new-window uri "_blank"))
 ([uri name]
- (js/window.open (str uri) name)))
+ ;; Warning: need to protect against reverse tabnabbing attack
+ ;; https://www.comparitech.com/blog/information-security/reverse-tabnabbing/
+ (.open js/window (str uri) name "noopener,noreferrer")))

 (defn browser-back
 []
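Review bot: With `noopener` in the features string, `window.open` returns null, so the two-arity branch of `open-new-window` now always yields `nil`; any caller that kept the returned window handle (to focus it or to detect a blocked popup) would silently stop working, though no callers are visible in this hunk. The added comment reads like an open TODO although the line below it is the mitigation; I would reword it to state the contract, e.g. `;; "noopener,noreferrer" leaves window.opener unset in the new tab (reverse tabnabbing); the call returns nil as a result`. If `uri` can come from user-authored content, which the commit title suggests but the hunk does not show, restricting it to `http`/`https` before the call would be a worthwhile follow-up, since `(str uri)` is passed through unchecked. The `defn` starts above the hunk.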