RE: Steemit target _blank vulnerability inspection

in #security 7 years ago (edited)

This is not XSS.

Also, Steemit already does this. SanitizeConfig.js, line 180.

    if (!href.match(/^(\/(?!\/)|https:\/\/steemit.com)/)) {
        // attys.target = '_blank' // pending iframe impl https://mathiasbynens.github.io/rel-noopener/
        attys.rel = highQualityPost ? 'noopener' : 'nofollow noopener';
        attys.title = getExternalLinkWarningMessage();
    }

The attack doesn't work for me (I'm running Firefox).
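Added example (not Steemit's code and not part of this comment) showing the mitigation the quoted `SanitizeConfig.js` excerpt applies: any link that leaves the site gets `rel="noopener"` so a page opened in a new tab cannot reach `window.opener`, plus `noreferrer` for older browsers that only honour that keyword. It classifies links with the WHATWG `URL` parser and an exact origin comparison rather than the prefix regex above (which, being a prefix match, also accepts hosts that merely start with `steemit.com`). `SITE_ORIGIN`, `isInternalHref`, `sanitizeAnchorAttrs` and the sample attribute objects are assumptions made for the example.

```javascript
// Assumption for the example: the origin whose links count as "internal".
const SITE_ORIGIN = 'https://steemit.com';

// Decide whether an href stays on the site. Path-relative links ("/@alice")
// are internal; protocol-relative links ("//host/...") and anything whose
// parsed origin differs from SITE_ORIGIN are external. Unparsable hrefs
// are treated as external so they still get the protective rel keywords.
function isInternalHref(href) {
  if (typeof href !== 'string' || href === '') return false;
  if (href.startsWith('/')) return !href.startsWith('//');
  let url;
  try {
    url = new URL(href, SITE_ORIGIN);
  } catch (e) {
    return false;
  }
  // Non-http(s) schemes (mailto:, data:, ...) have an opaque origin and compare unequal.
  return url.origin === SITE_ORIGIN;
}

// Return a copy of an anchor's attributes with rel hardened for external links.
// Mirrors the quoted policy: noopener always, nofollow unless the post is
// "high quality"; noreferrer is added for browsers without noopener support.
function sanitizeAnchorAttrs(attrs, highQualityPost) {
  const out = { ...attrs };
  if (isInternalHref(attrs.href)) return out;

  // Merge with any rel the author already supplied, without duplicates.
  const rel = new Set((out.rel || '').split(/\s+/).filter(Boolean));
  rel.add('noopener');
  rel.add('noreferrer');
  if (!highQualityPost) rel.add('nofollow');
  out.rel = [...rel].sort().join(' ');
  return out;
}

// Minimal demonstration over constructed anchor attribute objects.
function demo() {
  const samples = [
    { href: '/@alice' },                                   // internal path
    { href: 'https://steemit.com/@bob', target: '_blank' }, // same origin
    { href: '//other.example/page' },                      // protocol-relative
    { href: 'https://steemit.com.other.example/x' },       // prefix look-alike
    { href: 'https://other.example/', rel: 'noopener' },   // already partly hardened
  ];
  return samples.map((a) => sanitizeAnchorAttrs(a, false));
}

module.exports = { SITE_ORIGIN, isInternalHref, sanitizeAnchorAttrs, demo };
```

In a real sanitizer the attribute object would come from the HTML sanitizer's per-tag hook (as in the quoted excerpt) rather than from a literal; the classification and the rel merge are the parts worth reusing.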

It's not an XSS attack per se, but if one of the trusted sites, A, has been compromised by an XSS attack with the ability to inject a script, then this attack can be leveraged to also compromise the access credentials to site B (Steemit in this case) by redirecting the login attempt on site B to a malicious imitation of site B's login page.

AFAIK nofollow and noopener don't fix the issue on Safari and other old versions of popular browsers.