Potential security vulnerability when using the Hyperlink Manager in the Telerik RadEditor

2 posts, 0 answers
  1. Евгений

    Posted 14 Sep 2016

    Hi guys,

    One of the options of the RadEditor is an option to create links using the UI (see the attached screenshot RedEditorVulnerability.jpg).

    Here is an option to open a new tab when clicking this link on a front-end site.

    What I've recently found is this article with an example, https://dev.to/ben/the-targetblank-vulnerability-by-example, which says that using "target=_blank" is a potential security hole for any site in any browser for now.

    Also, there are some suggestions on how to prevent this (by adding the rel="noopener noreferrer" attribute to a link).

    So I'd like to ask you to add a possibility in the Hyperlink Manager to secure such links (e.g. some kind of checkbox "Protect my link from the target=_blank vulnerability"). This functionality may be very helpful for those clients who are focused on their sites' security.

    Thank you!
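
The rel="noopener noreferrer" mitigation mentioned in the post above can also be enforced on the HTML an editor produces before it is saved or rendered. The following is an added example, not part of the original post and not Telerik code; `hardenLinks` and `mergeRel` are hypothetical names, the sample markup is constructed, and it assumes well-formed anchor tags and handles only `_blank` targets.

```javascript
// Added example (not Telerik code): enforce rel="noopener noreferrer" on
// every <a target="_blank"> in HTML saved from a rich-text editor.
const REQUIRED = ["noopener", "noreferrer"];

// Opening <a ...> tag; quoted attribute values may contain ">".
const A_TAG = /<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
// One attribute: name, then optional = "value" | 'value' | bare value.
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

// Keep the author's rel tokens (e.g. nofollow) and append the missing ones.
function mergeRel(value) {
  const tokens = value.split(/\s+/).filter(Boolean);
  const have = new Set(tokens.map((t) => t.toLowerCase()));
  for (const t of REQUIRED) if (!have.has(t)) tokens.push(t);
  return tokens.join(" ").replace(/"/g, "&quot;");
}

function hardenLinks(html) {
  return html.replace(A_TAG, (tag, attrSrc) => {
    // Browsers honour the first occurrence of a duplicated attribute.
    let target = null;
    for (const m of attrSrc.matchAll(ATTR)) {
      if (m[1].toLowerCase() === "target") {
        target = (m[2] ?? m[3] ?? m[4] ?? "").toLowerCase();
        break;
      }
    }
    if (target !== "_blank") return tag; // link does not open a new tab

    let sawRel = false;
    const rewritten = attrSrc.replace(ATTR, (whole, name, dq, sq, bare) => {
      if (name.toLowerCase() !== "rel") return whole;
      sawRel = true;
      return `rel="${mergeRel(dq ?? sq ?? bare ?? "")}"`;
    });
    // No rel yet: add it first so the existing attributes stay byte-identical.
    return sawRel ? `<a${rewritten}>` : `<a rel="${REQUIRED.join(" ")}"${attrSrc}>`;
  });
}

// Constructed sample of editor output.
const sample = [
  '<a href="https://example.com/" target="_blank">new tab</a>',
  "<a href='/a' TARGET=_blank rel=\"nofollow\">keeps nofollow</a>",
  '<a href="/b" data-note="target=_blank">same tab</a>',
].join("\n");
console.log(hardenLinks(sample));
```
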

  2. Ianko

    Posted 16 Sep 2016


    The same topic is discussed in this forum thread: http://www.telerik.com/forums/potential-security-vulnerability-when-using-the-telerik-radeditor

    If you have any additional comments on the same topic, please make sure to either reply in the forum thread linked above or, as suggested, post them in a feedback portal item (http://feedback.telerik.com/Project/108/). 

    Telerik by Progress