September 2, 2016
Evolve Framework update 1.0.4
The article explained a very peculiar vulnerability that is intrinsic when using the
target="_blank" directive for our HTML links; turns out, as odd as this bug might sound, that its dangerousness is inversely proportional to the ease of exploit.
Long story short: it’s better to accompany your
target="_blank"s with a
rel="noopener noreferrer" attribute, in order not to give the landing page access to the browser tab that originated it, a thing that could potentially be malicious.
As a result of learning this, today we’re updating the Evolve Framework with a fix that takes care of resolving the issue on Brix as well: simply update the Evolve Framework plugin to the latest version (currently 1.0.4), and you’ll be good to go.