commit | 5649fc9f98f73f66f6fe7f5be34e263c5e553537 | [log] [tgz] |
---|---|---|
author | Matthias Villiger <mvi@bsi-software.com> | Fri Aug 31 11:07:42 2018 +0200 |
committer | Matthias Villiger <mvi@bsi-software.com> | Tue Sep 04 03:37:52 2018 -0400 |
tree | f9b68d6f1e8e360c115d415211c0b346b7ee693d | |
parent | 3779745b493ed89b6afb73c05d04eff0a2de7285 [diff] |
Enable external link protection

If a Scout application opens a popup browser window and loads an untrusted external site, this site gets a reference to the origin Scout application using the 'window.opener' reference set by the browser. The untrusted site is then able to load any other site or content in the original browser window holding the Scout application. This allows to load a phishing site to steal credentials or other sensitive information of the victim. The victim may not notice that the original browser has been modified.

To prevent this attack the opener reference is cleared for popups opened using JavaScript. For links the additional attribute rel="norefferer noopener" is added. Please note that this feature is not yet supported by all browsers.

This affects:
- The URI open handler used by IDesktop#openUri
- The BrowserField which may be configured to open in a popup window
- Forms having the DISPLAY_HINT_POPUP_WINDOW
- The builder to create HTML links like <a href="...">

See https://mathiasbynens.github.io/rel-noopener/

#231171

Change-Id: I11475aefbb68b9c5d216d7c9bc3b9debbb648a53
Reviewed-on: https://git.eclipse.org/r/128461
Tested-by: CI Bot
Reviewed-by: Claudio Guglielmo <claudio.guglielmo@bsiag.com>
Reviewed-by: Matthias Villiger <mvi@bsi-software.com>
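
The two mitigations named in the commit message above (clearing the opener for script-opened popups, adding the rel tokens `noreferrer noopener` to links), together with a markup audit for links that lack them, as an added JavaScript example that is not part of this commit or of Scout's code. All function names are hypothetical, the sample markup is constructed, and the tag scan is a regex approximation rather than an HTML parser.

```javascript
// Added illustration; function names are hypothetical, not Scout APIs.
const REQUIRED_REL = ['noreferrer', 'noopener'];

// Merge the protective tokens into an existing rel value, keeping other tokens.
function hardenRel(rel) {
  const tokens = (rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  for (const t of REQUIRED_REL) if (!tokens.includes(t)) tokens.push(t);
  return tokens.join(' ');
}

// Open a popup with the back-reference cleared before the external URL loads.
// `win` is the opener (the browser's `window`), passed in so a stub can be used.
function openExternal(win, url, name, features) {
  const popup = win.open('', name || '_blank', features);
  if (!popup) return null;   // popup was blocked
  popup.opener = null;       // cut window.opener first
  popup.location = url;      // then navigate to the external site
  return popup;
}

// Read one attribute from a start tag (regex approximation, not an HTML parser).
function attr(tag, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(tag);
  return m ? [m[1], m[2], m[3]].find((v) => v !== undefined) : null;
}

// Audit: hrefs of links with a non-_self target and no rel protection.
function findUnprotectedLinks(html) {
  const hits = [];
  for (const [tag] of html.matchAll(/<a\b[^>]*>/gi)) {
    const target = attr(tag, 'target');
    if (!target || target.toLowerCase() === '_self') continue;
    const rel = (attr(tag, 'rel') || '').toLowerCase().split(/\s+/);
    if (!rel.includes('noopener') && !rel.includes('noreferrer')) hits.push(attr(tag, 'href'));
  }
  return hits;
}

// Constructed sample markup.
const SAMPLE = [
  '<a href="https://example.org/a" target="_blank">a</a>',
  '<a href="https://example.org/b" target="_blank" rel="noreferrer noopener">b</a>',
  '<a href="/local">c</a>',
  "<a target='report' rel=nofollow href='https://example.org/d'>d</a>",
].join('\n');
console.log(findUnprotectedLinks(SAMPLE), hardenRel('nofollow'));
```
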
Eclipse Scout is a mature and open framework for modern, service-oriented business applications. It substantially boosts developer productivity and is simple to learn.
This repository, Eclipse Scout RT, contains the source for the runtime components embedded in applications built on top of the Eclipse Scout Framework.
The content of this repository is built on the Eclipse infrastructure, and the different versions are available on several P2 Update Sites.
The easiest way to start with Eclipse Scout is to download Eclipse for Scout Developers from the Eclipse downloads page.
We welcome any kind of contribution (bug reports, documentation, code contributions...). Please read the Eclipse Scout Contribution page to learn more.
The contribution process of Eclipse Scout is hosted on tools deployed by the Eclipse Foundation (involving Bugzilla, Gerrit, Hudson, MediaWiki...).
External tools like the GitHub tracker and pull requests are not supported.
To get in touch with the Eclipse Scout community, please open a thread in the Eclipse Scout Forum or send a mail to our mailing list: scout-dev@eclipse.org
Eclipse Public License (EPL) v1.0