From 4e07e0ebfa122174070c7a355f139e48e7aa4741 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 29 May 2018 14:04:33 +0200 Subject: [PATCH] Fix links to open new browser tab --- .../src/main/resources/lessonPlans/en/JWT_refresh.adoc | 9 ++++++--- .../resources/lessonPlans/en/JWT_refresh_assignment.adoc | 4 +++- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc b/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc index 06d1bac48..3b91e0bfa 100644 --- a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc +++ b/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc @@ -1,3 +1,6 @@ +:linkattrs: + + == Refreshing a token === Introduction @@ -79,7 +82,7 @@ There are a lot of resources available which question the usecase for using JWT with regards to cookies. The best place to use a JWT token is between server to server communication. In a normal web application you are better of using plain old cookies. See for more information: -- http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/ -- http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/ -- http://cryto.net/~joepie91/blog/attachments/jwt-flowchart.png +- http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/[stop-using-jwt-for-sessions, window="_blank"] +- http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/[stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work, window="_blank"] +- http://cryto.net/~joepie91/blog/attachments/jwt-flowchart.png[flowchart, window="_blank"] diff --git a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc b/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc index 7be6d82f8..6656b9355 100644 
--- a/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc +++ b/webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc @@ -1,7 +1,9 @@ +:linkattrs: + == Refreshing a token It is important to implement a good strategy for refreshing an access token. This assignment is based on a vulnerability -found in a private bug bounty program on Bugcrowd, you can read the full write up https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/[here] +found in a private bug bounty program on Bugcrowd, you can read the full write up https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/[here, window="_blank"] === Assignment
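Review bot: In the `@@ -1,3 +1,6 @@` hunk of JWT_refresh.adoc, `:linkattrs:` is followed by two added blank lines, while the matching hunk in JWT_refresh_assignment.adoc adds only one. A single blank line before `== Refreshing a token` is enough, and keeping the two headers identical makes it easier to spot a lesson file that is missing the attribute. Because the attribute now has to be repeated at the top of every lesson file that uses `window="_blank"`, a one-line comment saying why it is there would help the next author.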
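Review bot: In the `@@ -79,7 +82,7 @@` hunk of JWT_refresh.adoc, the three links gain `window="_blank"`, but nothing in the patch shows whether the rendered anchors also carry `rel="noopener"`. A page opened with `target="_blank"` and no `noopener` can reach the lesson page through `window.opener`, so please check the HTML produced by the Asciidoctor version the build uses and set the relation explicitly if it is missing. Two smaller points on the same lines: the URLs stay on `http://`, so switch them to `https://` if the host serves it, since the lines are being touched anyway; and the link text is the raw URL slug (`stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work`), where a readable title would serve the lesson better.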
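Review bot: In the `@@ -1,7 +1,9 @@` hunk of JWT_refresh_assignment.adoc, the write-up link keeps `here` as its text on the changed line. Since the line is being edited, give it a descriptive label (the URL suggests something like "JWT refresh token manipulation") so the link makes sense out of context and in a screen reader's link list. The sentence around it is also a comma splice ("...on Bugcrowd, you can read the full write up..."); splitting it into two sentences in the same change would tidy the lesson text.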