We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.
Ensure you are calling event.preventDefault() on all new-window events where the url or options is not something you expect.
event.preventDefault()
new-window
url
options
9.0.0-beta.21
8.2.4
7.2.4
If you have any questions or comments about this advisory:
Impact
The vulnerability allows arbitrary local file read by defining unsafe window options on a child window opened via window.open.
Workarounds
Ensure you are calling
event.preventDefault()on allnew-windowevents where theurloroptionsis not something you expect.Fixed Versions
9.0.0-beta.218.2.47.2.4For more information
If you have any questions or comments about this advisory: