コミュニティアチーブメントバーを展開する。

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

この会話は、活動がないためロックされています。新しい投稿を作成してください。

解決済み

Unsafe third-party link (target="_blank")

Avatar

Level 5
Level 5
2019/08/06 10:34:21 AM

Hi All,

I am doing the scanning of my application(I am using AEM6.4) on IBM AppScan tool and found issue for "target="-blank" is unsafe. I am using newtab ( target="_blank") while authoring the URL in text content in RTE. And as per the tool recommendation the fix is :- Add the attribute rel = "noopener noreferrer" to each link element with target="_blank".

My doubt is do I need to add this fix with all of my target="_blank" on my AEM pages because I never used it. Please suggest

Regards,

表示

5.2K

返信

2
ログインしてこのコンテンツに「いいね!」する

いいね!の合計

翻訳
翻訳
1 受け入れられたソリューション

Avatar

正解者
Level 2
Level 2
2019/08/06 10:10:31 PM

The third-party links with target="_blank" attribute and no rel="noopener noreferrer" attribute allows linked page partial access to the linking page window object. object of the original page to the linked page via window.opener object.This can be exploited for phishing attacks if the linked page is malicious.

So in your case If this is coming from RTE only then you need to place this as an authoring guildeline, But however , if this is coming from a hyperlink or CTA component then you should handle this programmatically, you can write an utility which identifies whether an link is external or not and based on that plance rel="noopener noreferrer" with the anchor tag.

元の投稿で解決策を見る

表示

4.4K

返信

0
ログインしてこのコンテンツに「いいね!」する

いいね!の合計

翻訳
翻訳
返信にジャンプ
2 返信

Avatar

正解者
Level 2
Level 2
2019/08/06 10:10:31 PM

The third-party links with target="_blank" attribute and no rel="noopener noreferrer" attribute allows linked page partial access to the linking page window object. object of the original page to the linked page via window.opener object.This can be exploited for phishing attacks if the linked page is malicious.

So in your case If this is coming from RTE only then you need to place this as an authoring guildeline, But however , if this is coming from a hyperlink or CTA component then you should handle this programmatically, you can write an utility which identifies whether an link is external or not and based on that plance rel="noopener noreferrer" with the anchor tag.

表示

4.4K

返信

0
ログインしてこのコンテンツに「いいね!」する

いいね!の合計

翻訳
翻訳
返信にジャンプ

Avatar

Level 5
Level 5
2019/08/07 10:39:58 AM

thanks Priyanka

表示

4.5K

返信

0
ログインしてこのコンテンツに「いいね!」する

いいね!の合計

翻訳
翻訳
関連する会話
Official link for Adobe Summit 2025 Solved

表示

181

いいね!

0

返信

2
AEM Cloud Service: Runtime Exclusion of External Links from Link Checker Solved

表示

897

いいね!

0

返信

3
Shared Link AEM/ Assets 6.5 Managed Service Solved

表示

574

いいね!

0

返信

4
Exported AEM Experience Fragment to Adobe Target not working Solved

表示

1.1K

いいね!

0

返信

4
New to AEM Cloud and UE - how can I create anchor (jump) links? No anchor function in the RTE. Solved

表示

304

いいね!

0

返信

1