This is a migrated thread and some comments may be shown as answers.

Potential security vulnerability when using the Hyperlink Manager in the Telerik RadEditor

Евгений asked on 14 Sep 2016, 02:56 PM

Hi guys,

One of the options of the RadEditor is an option to create links using the UI (see the attached screenshot RedEditorVulnerability.jpg).

Here is an option to open a new tab when clicking this link on a front-end site.

What I've recently found is this article with an example https://dev.to/ben/the-targetblank-vulnerability-by-example which says that using the "target=_blank" is a potential security hole for any site in any browser for now.

Also, there are some suggestions regarding how to prevent this (by adding the rel="noopener noreferrer" attribute to a link).

So I'd like to ask you to add a possibility in the Hyperlink Manager to secure such links (e.g. some kind of checkbox "Protect my link from the target=_blank vulnerability"). This functionality may be very helpful for those clients who are focused on their sites' security.

Thank you!
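
The mitigation mentioned in the question above, as an added example that is not part of the original thread or Telerik's code: a function that post-processes serialized editor HTML and adds `rel="noopener noreferrer"` to every anchor with `target="_blank"`, keeping any existing `rel` tokens. The function names and sample markup are assumptions; it works on the HTML string and uses no RadEditor API.

```javascript
// Added example (hypothetical helper names): enforce rel="noopener noreferrer"
// on links that open a new tab, before saved editor HTML is rendered.
const REQUIRED_REL = ["noopener", "noreferrer"];

// One attribute: name, optionally followed by ="value", ='value' or =value.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>=`]+)))?/g;

function parseAttrs(raw) {
  const attrs = [];
  for (const m of raw.matchAll(ATTR_RE)) {
    attrs.push({ name: m[1], value: m[2] ?? m[3] ?? m[4] ?? null });
  }
  return attrs;
}

function serializeAttr(a) {
  if (a.value === null) return a.name; // boolean attribute
  return `${a.name}="${a.value.replace(/"/g, "&quot;")}"`;
}

function hardenBlankTargets(html) {
  // Opening <a ...> tags only; a quoted value may itself contain ">".
  const OPEN_A = /<a(\s(?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  return html.replace(OPEN_A, (tag, raw) => {
    const attrs = parseAttrs(raw);
    const find = (n) => attrs.find((a) => a.name.toLowerCase() === n);
    const target = find("target");
    if (!target || (target.value || "").trim().toLowerCase() !== "_blank") {
      return tag; // same-tab link: leave untouched
    }
    let rel = find("rel");
    if (!rel) {
      rel = { name: "rel", value: "" };
      attrs.push(rel);
    }
    // Keep existing tokens (e.g. nofollow) and append the missing ones.
    const tokens = (rel.value || "").split(/\s+/).filter(Boolean);
    for (const need of REQUIRED_REL) {
      if (!tokens.some((t) => t.toLowerCase() === need)) tokens.push(need);
    }
    rel.value = tokens.join(" ");
    return "<a " + attrs.map(serializeAttr).join(" ") + ">";
  });
}

// Constructed sample of editor output.
const sample = `<p><a href="https://example.test/" target="_blank">docs</a></p>`;
console.log(hardenBlankTargets(sample));
```

Running the function on content both when it is saved and when it is rendered also covers links that were stored before the filter existed.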

1 Answer, 1 is accepted

Ianko
Telerik team
answered on 16 Sep 2016, 02:18 PM

Hello,

The same topic is discussed in this forum thread: http://www.telerik.com/forums/potential-security-vulnerability-when-using-the-telerik-radeditor

If you have any additional comments on the same topic, please make sure to either reply in the forum thread linked above or, as suggested, post them in a feedback portal item (http://feedback.telerik.com/Project/108/). 

Regards,
Ianko
Telerik by Progress