Fixes minor vulnerability when using target="_blank" on links (RSPEC-5148)

2025-07-28 17:02:04 +03:00 · 2021-05-24 16:17:08 -04:00
parent df0e03cd07
commit 7a6f21648a
7 changed files with 12 additions and 11 deletions
--- a/resources/views/api-docs/index.blade.php
+++ b/resources/views/api-docs/index.blade.php
@ -190,7 +190,7 @@
                            <h5 id="{{ $endpoint['name'] }}" class="text-mono mb-m">
                                <span class="api-method" data-method="{{ $endpoint['method'] }}">{{ $endpoint['method'] }}</span>
                                @if($endpoint['controller_method_kebab'] === 'list')
-                                    <a style="color: inherit;" target="_blank" href="{{ url($endpoint['uri']) }}">{{ url($endpoint['uri']) }}</a>
+                                    <a style="color: inherit;" target="_blank" rel="noopener" href="{{ url($endpoint['uri']) }}">{{ url($endpoint['uri']) }}</a>
                                @else
                                    {{ url($endpoint['uri']) }}
                                @endif