From f89faafb029b975e5cd7fe8f1d93b3cdda4c4294 Mon Sep 17 00:00:00 2001
From: seonghobae <8172694+seonghobae@users.noreply.github.com>
Date: Sat, 27 Jun 2026 14:26:25 +0000
Subject: [PATCH 1/3] 🛡️ Sentinel: Mitigate reverse tabnabbing on external links
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added target="_blank" and rel="noopener noreferrer" to external links, such as those in the references section, to mitigate the reverse tabnabbing vulnerability.
---
.jules/sentinel.md | 4 ++++
index.html | 8 ++++----
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
index 499037d..601d363 100644
--- a/.jules/sentinel.md
+++ b/.jules/sentinel.md
@@ -10,3 +10,7 @@
**Vulnerability:** Unhandled exceptions when accessing `localStorage` in strict browser privacy modes (e.g., when cookies are blocked).
**Learning:** Browsers throw a `SecurityError` when `localStorage` is accessed and the user has blocked third-party cookies or is in a strict privacy mode. If unhandled, this crashes the executing script, leading to a degraded user experience (DoS-like behavior for privacy-conscious users).
**Prevention:** Always wrap `localStorage.getItem` and `localStorage.setItem` in `try-catch` blocks to fail securely and fall back to sensible defaults.
+## 2026-06-27 - 외부 링크의 reverse tabnabbing 취약점 완화
+**Vulnerability:** 외부 링크(특히 참조문헌 링크 등)에 `target="_blank"` 속성을 사용하거나 새 탭으로 여는 동작을 유도할 때, `rel="noopener noreferrer"` 속성이 누락되어 Reverse Tabnabbing 공격에 노출될 수 있음.
+**Learning:** `rel="noopener noreferrer"`가 없으면 새로 열린 탭의 페이지가 `window.opener` 객체를 통해 원래 페이지의 `location`을 악의적인 사이트로 변경할 수 있습니다.
+**Prevention:** 외부 도메인으로 연결되는 모든 링크에는 항상 `target="_blank"`와 함께 `rel="noopener noreferrer"`를 추가하여 부모 창에 대한 접근을 차단해야 합니다.
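Review bot: The added Prevention line requires `target="_blank"` together with `rel="noopener noreferrer"` on every link to an external domain, which makes opening a new tab mandatory for all external links. The Learning line just above it locates the risk in the new tab's `window.opener`, so the rule should require `rel` only where a link already uses `target="_blank"` and leave same-tab external links alone. The new `## 2026-06-27` heading is also added directly after the previous entry's Prevention line with no blank line between the two entries; add one so the heading is separated from the preceding paragraph.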
diff --git a/index.html b/index.html
index dbb0157..0c8201a 100644
--- a/index.html
+++ b/index.html
@@ -251,19 +251,19 @@
참고문헌
-
Ackoff, R. L. (1989). From data to wisdom. Journal of Applied Systems Analysis, 16(1), 3-9.
- https://faculty.ung.edu/kmelton/documents/datawisdom.pdf
+ https://faculty.ung.edu/kmelton/documents/datawisdom.pdf
-
Baskarada, S., & Koronios, A. (2013). Data, information, knowledge, wisdom (DIKW): A semiotic theoretical and empirical exploration of the hierarchy and its quality dimension. Australasian Journal of Information Systems, 18(1).
- https://doi.org/10.3127/ajis.v18i1.748
+ https://doi.org/10.3127/ajis.v18i1.748
-
Frické, M. (2009). The knowledge pyramid: A critique of the DIKW hierarchy. Journal of Information Science, 35(2), 131-142.
- https://doi.org/10.1177/0165551508094050
+ https://doi.org/10.1177/0165551508094050
-
Brienza, J. P., Kung, F. Y. H., Santos, H. C., Bobocel, D. R., & Grossmann, I. (2018). Wisdom, bias, and balance: Toward a process-sensitive measurement of wisdom-related cognition. Journal of Personality and Social Psychology, 115(6), 1093-1126.
- https://doi.org/10.1037/pspp0000171
+ https://doi.org/10.1037/pspp0000171
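Review bot: Only the four reference URLs change in this hunk, while the commit message describes the change as covering external links in the references section and elsewhere, so it is not clear from the diff that every new-tab link in index.html was covered. List the other external anchors in the commit message or confirm there are none. Since the sentinel entry ties the risk to `window.opener`, also say why the references need to open in a new tab at all rather than staying in the same tab.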
From c2d931584ef882c0c81b6a335b38a0f9c2a48f8a Mon Sep 17 00:00:00 2001
From: seonghobae <8172694+seonghobae@users.noreply.github.com>
Date: Sat, 27 Jun 2026 14:59:29 +0000
Subject: [PATCH 2/3] 🛡️ Sentinel: Mitigate reverse tabnabbing on external links
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Added target="_blank" and rel="noopener noreferrer" to external links, such as those in the references section, to mitigate the reverse tabnabbing vulnerability.
From dfa6d783c1dbaae464683df85a0c26013faf05c0 Mon Sep 17 00:00:00 2001
From: Seongho Bae
Date: Mon, 29 Jun 2026 01:19:10 +0900
Subject: [PATCH 3/3] Address reverse tabnabbing review feedback
---
.jules/sentinel.md | 2 +-
index.html | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
index 601d363..e30db0d 100644
--- a/.jules/sentinel.md
+++ b/.jules/sentinel.md
@@ -13,4 +13,4 @@
## 2026-06-27 - 외부 링크의 reverse tabnabbing 취약점 완화
**Vulnerability:** 외부 링크(특히 참조문헌 링크 등)에 `target="_blank"` 속성을 사용하거나 새 탭으로 여는 동작을 유도할 때, `rel="noopener noreferrer"` 속성이 누락되어 Reverse Tabnabbing 공격에 노출될 수 있음.
**Learning:** `rel="noopener noreferrer"`가 없으면 새로 열린 탭의 페이지가 `window.opener` 객체를 통해 원래 페이지의 `location`을 악의적인 사이트로 변경할 수 있습니다.
-**Prevention:** 외부 도메인으로 연결되는 모든 링크에는 항상 `target="_blank"`와 함께 `rel="noopener noreferrer"`를 추가하여 부모 창에 대한 접근을 차단해야 합니다.
+**Prevention:** 외부 링크를 새 탭으로 열기 위해 `target="_blank"`를 사용할 때만 `rel="noopener noreferrer"`를 함께 추가하여 부모 창에 대한 접근을 차단해야 합니다.
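Review bot: The revised Prevention line still prescribes `noreferrer` alongside `noopener`, but the Learning line above it explains only the `window.opener` access, which is the reason for `noopener`. Either add a sentence to the entry saying what `noreferrer` is for here, or reduce the rule to the token the entry actually justifies. The heading and Vulnerability line are unchanged context and still describe a mitigation of external links, so check that they match what the series leaves in index.html after this patch.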
diff --git a/index.html b/index.html
index 0c8201a..dbb0157 100644
--- a/index.html
+++ b/index.html
@@ -251,19 +251,19 @@ 참고문헌
-
Ackoff, R. L. (1989). From data to wisdom. Journal of Applied Systems Analysis, 16(1), 3-9.
- https://faculty.ung.edu/kmelton/documents/datawisdom.pdf
+ https://faculty.ung.edu/kmelton/documents/datawisdom.pdf
-
Baskarada, S., & Koronios, A. (2013). Data, information, knowledge, wisdom (DIKW): A semiotic theoretical and empirical exploration of the hierarchy and its quality dimension. Australasian Journal of Information Systems, 18(1).
- https://doi.org/10.3127/ajis.v18i1.748
+ https://doi.org/10.3127/ajis.v18i1.748
-
Frické, M. (2009). The knowledge pyramid: A critique of the DIKW hierarchy. Journal of Information Science, 35(2), 131-142.
- https://doi.org/10.1177/0165551508094050
+ https://doi.org/10.1177/0165551508094050
-
Brienza, J. P., Kung, F. Y. H., Santos, H. C., Bobocel, D. R., & Grossmann, I. (2018). Wisdom, bias, and balance: Toward a process-sensitive measurement of wisdom-related cognition. Journal of Personality and Social Psychology, 115(6), 1093-1126.
- https://doi.org/10.1037/pspp0000171
+ https://doi.org/10.1037/pspp0000171
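Review bot: The series ends with index.html unchanged, and the commit message does not explain why: the `index 0c8201a..dbb0157` line here is the inverse of `index dbb0157..0c8201a` in patch 1, so the file returns to the blob it had before the series and the net change is confined to .jules/sentinel.md. The commit message has a subject only; add a body saying why the reference links go back to their original form. Consider squashing patches 1 and 3 so the history does not carry a change followed by its revert.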