Merged
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Expand Up @@ -10,3 +10,7 @@
**Vulnerability:** Unhandled exceptions when accessing `localStorage` in strict browser privacy modes (e.g., when cookies are blocked).
**Learning:** Browsers throw a `SecurityError` when `localStorage` is accessed and the user has blocked third-party cookies or is in a strict privacy mode. If unhandled, this crashes the executing script, leading to a degraded user experience (DoS-like behavior for privacy-conscious users).
**Prevention:** Always wrap `localStorage.getItem` and `localStorage.setItem` in `try-catch` blocks to fail securely and fall back to sensible defaults.
## 2026-06-27 - μ™ΈλΆ€ 링크의 reverse tabnabbing 취약점 μ™„ν™”
**Vulnerability:** μ™ΈλΆ€ 링크(특히 μ°Έμ‘°λ¬Έν—Œ 링크 λ“±)에 `target="_blank"` 속성을 μ‚¬μš©ν•˜κ±°λ‚˜ μƒˆ νƒ­μœΌλ‘œ μ—¬λŠ” λ™μž‘μ„ μœ λ„ν•  λ•Œ, `rel="noopener noreferrer"` 속성이 λˆ„λ½λ˜μ–΄ Reverse Tabnabbing 곡격에 λ…ΈμΆœλ  수 있음.
**Learning:** `rel="noopener noreferrer"`κ°€ μ—†μœΌλ©΄ μƒˆλ‘œ μ—΄λ¦° νƒ­μ˜ νŽ˜μ΄μ§€κ°€ `window.opener` 객체λ₯Ό 톡해 μ›λž˜ νŽ˜μ΄μ§€μ˜ `location`을 μ•…μ˜μ μΈ μ‚¬μ΄νŠΈλ‘œ λ³€κ²½ν•  수 μžˆμŠ΅λ‹ˆλ‹€.
**Prevention:** μ™ΈλΆ€ 링크λ₯Ό μƒˆ νƒ­μœΌλ‘œ μ—΄κΈ° μœ„ν•΄ `target="_blank"`λ₯Ό μ‚¬μš©ν•  λ•Œλ§Œ `rel="noopener noreferrer"`λ₯Ό ν•¨κ»˜ μΆ”κ°€ν•˜μ—¬ λΆ€λͺ¨ 창에 λŒ€ν•œ 접근을 차단해야 ν•©λ‹ˆλ‹€.
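Review bot: The Prevention line of the new 2026-06-27 entry covers only anchors that use `target="_blank"`, while its Vulnerability line also names other ways of steering a link into a new tab. The `rel` attribute has no effect on windows opened from script, so the entry should also state that `window.open` calls need the `noopener` window feature. The Learning line would be more precise if it noted that current browsers already imply `noopener` for `target="_blank"`, which makes the explicit `rel="noopener noreferrer"` a safeguard for older browsers rather than the only barrier. Two style points: the new `##` heading starts directly after the previous entry's Prevention line with no blank line between them, and the entry is written in Korean while the entry above it is in English; a blank separator line and a single language for the file would keep the journal readable.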