Yikes, target=_blank is a pretty bad security risk: https://mathiasbynens.github.io/rel-noopener/ — Good find by @mathias!
-
-
Replying to @janl1 reply 0 retweets 1 like
Replying to @tobiasgies
@tobiasgies As noted—it does! `opener.location` is accessible across origins. Things like `opener.document` are subject to CORS though @janl
0 replies
1 retweet
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.