From 29d8bf3ea4f9acd403eeee2044be94b6618e512c Mon Sep 17 00:00:00 2001
From: yukaidi
Date: Fri, 29 May 2026 03:24:53 +0800
Subject: [PATCH] fix(security): add noopener,noreferrer to all window.open calls

Prevent reverse tabnapping by adding security attributes to all window.open calls that open links in new tabs.
---
 web-front/src/views/ClientLinks.vue | 4 ++--
 web-front/src/views/Home.vue | 4 ++--
 web-front/src/views/Playground.vue | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web-front/src/views/ClientLinks.vue b/web-front/src/views/ClientLinks.vue
index 0080a6b..00626d2 100644
--- a/web-front/src/views/ClientLinks.vue
+++ b/web-front/src/views/ClientLinks.vue
@@ -369,7 +369,7 @@ export default {
  copyToClipboard(link)
  return
  }
- window.open(link, '_blank')
+ window.open(link, '_blank', 'noopener,noreferrer')
  ElMessage.success('正在唤起迅雷下载')
  break
@@ -386,7 +386,7 @@ export default {
  // 下载客户端
  const downloadClient = (type) => {
  const url = getClientDownloadUrl(type)
- window.open(url, '_blank')
+ window.open(url, '_blank', 'noopener,noreferrer')
  ElMessage.success(`正在跳转到 ${getClientDisplayName(type)} 下载页面`)
  }
diff --git a/web-front/src/views/Home.vue b/web-front/src/views/Home.vue
index 6e9f719..ca29b65 100644
--- a/web-front/src/views/Home.vue
+++ b/web-front/src/views/Home.vue
@@ -1309,7 +1309,7 @@ export default {
  // 文件点击处理
  handleFileClick(file) {
  if (file.parserUrl) {
- window.open(file.parserUrl, '_blank')
+ window.open(file.parserUrl, '_blank', 'noopener,noreferrer')
  } else {
  this.$message.warning('该文件暂无下载链接')
  }
@@ -1439,7 +1439,7 @@ export default {
  错误信息:${JSON.stringify(this.errorDetail, null, 2)}`;
  navigator.clipboard.writeText(text).then(() => {
  this.$message.success('已复制分享信息和错误详情');
- window.open('https://github.com/qaiu/netdisk-fast-download/issues/new', '_blank');
+ window.open('https://github.com/qaiu/netdisk-fast-download/issues/new', '_blank', 'noopener,noreferrer');
  }).catch(() => {
  this.$message.error('复制失败');
  });
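Review bot: `link` in the first ClientLinks.vue hunk, and `file.parserUrl` in `handleFileClick` in Home.vue, still reach `window.open` with no scheme check visible in these hunks; `'noopener,noreferrer'` severs the opener reference but does not restrict what the new tab is asked to load. If either value can originate from parsed share data or an API response (their sources are not visible here), resolve it with `new URL(value, window.location.href)` and compare `.protocol` against the schemes that call site expects before opening it. The toast after the first call suggests that branch hands the link to the Xunlei client, so its allowlist would presumably need that client's scheme rather than only `http:`/`https:`. Both enclosing functions start outside their hunks.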
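Review bot: The feature string `'noopener,noreferrer'` is now a repeated literal at five call sites in three files (here in `downloadClient`, the other ClientLinks.vue hunk, both Home.vue hunks and Playground.vue), so the next `window.open` that gets added can omit it without anyone noticing. A shared helper such as `export const openInNewTab = (url) => window.open(url, '_blank', 'noopener,noreferrer')` would keep the policy in one place. Its comment should record two consequences the commit message does not mention: `noreferrer` also stops the `Referer` header being sent, and with `noopener` the call returns `null`, so the success toast that follows here cannot tell whether the tab was actually opened.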
diff --git a/web-front/src/views/Playground.vue b/web-front/src/views/Playground.vue
index 42b79f2..7385466 100644
--- a/web-front/src/views/Playground.vue
+++ b/web-front/src/views/Playground.vue
@@ -1178,7 +1178,7 @@ function parseById(shareLinkInfo, http, logger) {
  // 新窗口打开首页
  const goHomeInNewWindow = () => {
- window.open('/', '_blank');
+ window.open('/', '_blank', 'noopener,noreferrer');
  };
  // 检查是否有未保存的文件