Security hints #6188

thollander · 2021-04-12T15:20:15Z

Is your feature request related to a problem? Please describe.

Svelte is really helpful for giving hints such as a11y (eg: A11y: '' is not a valid href attribute).
My point here would be to do kind of the same thing with basic security rules.

For instance, one of a security rule would be to not make a target=_blank on a link without the attributes rel="noreferrer noopener".

The text was updated successfully, but these errors were encountered:

stale · 2021-07-11T16:01:04Z

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

mcmxcdev · 2021-07-11T16:47:42Z

Not stale, also already has PR ready for it.

Conduitry · 2022-10-15T14:01:43Z

There is now a compile-time warning for this in 3.52.0.

jleveugle mentioned this issue May 3, 2021

[feat] add security warning for anchor element (rel attribute) #6289

Merged

Prinzhorn mentioned this issue Jun 22, 2021

XSS in href attribute, issue a warning #6423

Closed

stale bot added the stale-bot label Jul 11, 2021

stale bot removed the stale-bot label Jul 11, 2021

tanhauhau closed this as completed in #6289 Oct 13, 2022

oekazuma mentioned this issue Oct 28, 2022

fix(create-vite): add rel="noreferrer" to elements with target="_blank" vitejs/vite#10675

Merged

9 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security hints #6188

Security hints #6188

thollander commented Apr 12, 2021

stale bot commented Jul 11, 2021

mcmxcdev commented Jul 11, 2021

Conduitry commented Oct 15, 2022

Security hints #6188

Security hints #6188

Comments

thollander commented Apr 12, 2021

stale bot commented Jul 11, 2021

mcmxcdev commented Jul 11, 2021

Conduitry commented Oct 15, 2022