Fix(React DevTools) - prevent phishing attacks (#19934)

When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus "window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.
2026-01-15 12:15:22 +00:00 · 2020-10-01 23:25:38 +08:00
parent 91d2b6ef01
commit 8657ad4278
1 changed files with 1 additions and 0 deletions
--- a/packages/react-devtools/app.html
+++ b/packages/react-devtools/app.html
@@ -121,6 +121,7 @@
              id="rn-help-link"
              class="link"
              target="_blank"
+              rel="noopener noreferrer"
              href="https://reactnative.dev/docs/debugging#accessing-the-in-app-developer-menu"
            >in-app developer menu</a> to connect.
          </div>