Weird Editing Permissions error

General Server Forum (Inactive)
Weird Editing Permissions error Nat  2018-04-24 12:25
Status: Closed
 
I had granted editing permissions to a colleague (mwfoster@duke.edu (mwfoster)) to work on our Duke University Course page: https://skyline.ms/project/home/software/Skyline/events/2018%20Duke%20Course/begin.view?

When making an edit and trying to save he gets a very odd error that says:

 “error saving wiki” in the basic editor or “rel attribute
must be set to noopener noreferrer with target=”_blank”. Error on element <a>.” in the advanced
editor.

The only way we could work around this was removing all the "target=”_blank”" tags from the page ...

I got the same error when I impersonated him but did not when I tried to edit as myself.

Attached is the thread we had about this ...

Nat
 
 
jeckels responded:  2018-04-24 18:27
Hi Nat,

This is protection for a security concern, called tabnapping. https://en.wikipedia.org/wiki/Tabnabbing

Users who are in the site admin or developer groups are trusted to create HTML that includes <a> tags that use target="_blank".

Other users are required to either remove the _blank option, or add rel="noopener noreferrer" to the <a> tag. We have an open issue on this and I've put in another vote to improve the error message to give better guidance to those who aren't HTML experts, and/or just automatically inject the rel setting to make it safe.

Thanks,
Josh