From 42c0198918f9a327e6ca4dc51d5f43c8517f6b16 Mon Sep 17 00:00:00 2001
From: John Wilson <irewilson@gmail.com>
Date: Thu, 1 Oct 2020 02:21:12 +0800
Subject: [PATCH] Fix - prevent phishing attacks

When a link opens a URL in a new tab with target="_blank", it is very simple for the opened page to change the location of the original page because the JavaScript variable window.opener is not null and thus "window.opener.location can be set by the opened page. This exposes the user to very simple phishing attacks.
---
 packages/react-devtools/app.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/react-devtools/app.html b/packages/react-devtools/app.html
index c40b72ab65ff9..c2193698fca75 100644
--- a/packages/react-devtools/app.html
+++ b/packages/react-devtools/app.html
@@ -121,6 +121,7 @@
               id="rn-help-link"
               class="link"
               target="_blank"
+              rel="noopener noreferrer"
               href="https://reactnative.dev/docs/debugging#accessing-the-in-app-developer-menu"
             >in-app developer menu</a> to connect.
           </div>