[PR #2768] [MERGED] [sec] Fixes a few minor vulnerabilities when using target="_blank" on links (RSPEC-5148) #6061

Closed
opened 2026-02-05 10:23:37 +03:00 by OVERLORD · 0 comments

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/2768
Author: @CorruptComputer
Created: 5/24/2021
Status: Merged
Merged: 5/25/2021
Merged by: @ssddanbrown

Base: master ← Head: RSPEC-5148-Fixes


📝 Commits (1)

  • 7a6f216 Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)

📊 Changes

7 files changed (+12 additions, -11 deletions)


📝 resources/views/api-docs/index.blade.php (+1 -1)
📝 resources/views/attachments/manager-list.blade.php (+1 -1)
📝 resources/views/common/footer.blade.php (+1 -1)
📝 resources/views/components/image-manager-form.blade.php (+2 -1)
📝 resources/views/components/page-picker.blade.php (+1 -1)
📝 resources/views/pages/revisions.blade.php (+3 -3)
📝 resources/views/partials/entity-export-menu.blade.php (+3 -3)

📄 Description

Using target="_blank" on links without adding rel="noopener" can be a minor vulnerability.
See RSPEC-5148 (https://rules.sonarsource.com/html/RSPEC-5148) for more info on the specifics of the issue.

This is not really an issue on most up-to-date browsers (Chrome 88+, Firefox 79+ or Safari 12.1+), though I think it's always best to program defensively since you don't know what browser the end users will end up using.

If you don't see any benefit in adding this feel free to close.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
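
A template check in the spirit of this PR, as an added example (not code from the PR or from BookStack): it parses a template with Python's `html.parser` and reports every `<a>` or `<area>` that sets `target="_blank"` without `noopener` or `noreferrer` in `rel`. The `audit` helper, the `SAMPLE` template and its URLs are constructed for illustration.

```python
import sys
from html.parser import HTMLParser
from pathlib import Path


class BlankTargetAudit(HTMLParser):
    """Collect links that open a new browsing context but keep window.opener."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, href) per offending tag

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        attr = {name.lower(): (value or "") for name, value in attrs}
        # Target keywords are matched case-insensitively by browsers.
        if attr.get("target", "").strip().lower() != "_blank":
            return
        rel = set(attr.get("rel", "").lower().split())
        # In the HTML standard, noreferrer implies noopener, so either passes.
        if not rel & {"noopener", "noreferrer"}:
            line, _col = self.getpos()
            self.findings.append((line, attr.get("href", "")))


def audit(template_text):
    """Return [(line, href), ...] for target="_blank" links lacking noopener."""
    parser = BlankTargetAudit()
    parser.feed(template_text)
    parser.close()
    return parser.findings


# Constructed sample template; Blade expressions are just attribute text here.
SAMPLE = """\
<a href="{{ $item->url }}" target="_blank">Open</a>
<a href="https://example.com/docs" target="_blank" rel="noopener">Docs</a>
<a href="/books">Books</a>
<a href="https://example.com/x" target="_BLANK" rel="nofollow">X</a>
<a href="https://example.com/y" target="_blank" rel="noreferrer">Y</a>
"""

if __name__ == "__main__":
    # With no arguments, audit the sample; otherwise walk the given view dirs.
    for line, href in audit(SAMPLE) if len(sys.argv) == 1 else []:
        print(f"<sample>:{line}: target=_blank without noopener -> {href}")
    for root in sys.argv[1:]:
        for path in sorted(Path(root).rglob("*.blade.php")):
            for line, href in audit(path.read_text(encoding="utf-8")):
                print(f"{path}:{line}: target=_blank without noopener -> {href}")
```

Passing a views directory such as `resources/views` as an argument audits every `*.blade.php` file under it, which makes the check usable as a CI gate against regressions.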

OVERLORD added the pull-request label 2026-02-05 10:23:37 +03:00
Reference: starred/BookStack#6061