I am learning from scratch. What do you think about my first attempt?
- Target blank vulnerability
<a href="https://en.wikipedia.org/wiki/Patch_Adams" target="_blank"><img src="http://encuentromundialdevalores.org/eng/wp-content/uploads/sites/2/2014/05/patch_adams.jpg"></a>
Note: When using target, consider adding rel="noopener noreferrer" to avoid exploitation of the window.opener API.
TL;DR If window.opener is set, a page can trigger a navigation in the opener regardless of security origin.
People using target=’_blank’ links usually have no idea about this curious fact:
The page we’re linking to gains partial access to the linking page via the window.opener object.
How to fix
Add this to your outgoing links.
Update: FF does not support “noopener” so add this.
Remember, that every time you open a new window via window.open(); you’re also “vulnerable” to this, so always reset the “opener” property
var newWnd = window.open(); newWnd.opener = null;
- Do not use lower levels to decrease heading font size:
<h3 class="text-center red-text"><b>Hunter Doherty "Patch" Adams</b></h3> <h4 class="text-center crimson-text"> physician, comedian, social activist, clown, and author</h4>
Do not use lower levels to decrease heading font size: use the CSS font-size property instead. Avoid skipping heading levels: always start from <h1>, next use <h2> and so on.
h2–h6 elements must not be used to markup subheadings, subtitles, alternative titles and taglines unless intended to be the heading for a new section or subsection. Instead use the markup patterns in the §4.13 Common idioms without dedicated elements section of the specification.
Cheers and happy coding
Thanks a lot for the useful advice.
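An added example, not part of the thread: a small lint-style pass that finds `<a target="_blank">` start tags in an HTML string and adds the `noopener` and `noreferrer` rel tokens recommended above. The function names `getAttr` and `hardenBlankLinks` are hypothetical, and the regex matching assumes simple hand-written markup rather than arbitrary HTML.

```javascript
// Added example (hypothetical helper names). Regex based: suitable for simple
// hand-written markup, not a replacement for a real HTML parser.
const REQUIRED = ["noopener", "noreferrer"];

// Return the value of one attribute from a start tag, or null if absent.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = tag.match(re);
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

// Add any missing rel tokens to every <a target="_blank"> start tag.
// Existing tokens (e.g. nofollow) are kept; matching is case-insensitive.
function hardenBlankLinks(html) {
  let fixed = 0;
  const out = html.replace(/<a\b[^>]*>/gi, (tag) => {
    const target = getAttr(tag, "target");
    if (!target || target.toLowerCase() !== "_blank") return tag;
    const rel = getAttr(tag, "rel");
    const tokens = rel ? rel.split(/\s+/).filter(Boolean) : [];
    const have = tokens.map((t) => t.toLowerCase());
    const missing = REQUIRED.filter((t) => !have.includes(t));
    if (missing.length === 0) return tag; // already safe
    fixed += 1;
    const value = tokens.concat(missing).join(" ");
    if (rel === null) {
      // No rel attribute yet: insert one right after the tag name.
      return tag.replace(/^<a\b/i, (m) => `${m} rel="${value}"`);
    }
    // Rewrite the existing rel attribute in place.
    return tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/i, ` rel="${value}"`);
  });
  return { html: out, fixed };
}

// Sample input: the link from the post plus constructed variants.
const SAMPLE = [
  '<a href="https://en.wikipedia.org/wiki/Patch_Adams" target="_blank">Patch</a>',
  "<a href='/a' target=_blank rel=\"nofollow\">constructed</a>",
  '<a href="/b" target="_blank" rel="NoOpener noreferrer">already safe</a>',
  '<a href="/c">same tab</a>',
].join("\n");

const result = hardenBlankLinks(SAMPLE);
console.log(`${result.fixed} link(s) changed`);
console.log(result.html);
```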