Fix links to open new browser tab

webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh.adoc

@@ -1,3 +1,6 @@
+:linkattrs:
+
+
 == Refreshing a token
 
 === Introduction
@@ -79,7 +82,7 @@ There are a lot of resources available which question the usecase for using JWT
 with regards to cookies. The best place to use a JWT token is between server to server communication. In a normal web
 application you are better of using plain old cookies. See for more information:
 
-- http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
+- http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/[stop-using-jwt-for-sessions, window="_blank"]
-- http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/
+- http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/[stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work, window="_blank"]
-- http://cryto.net/~joepie91/blog/attachments/jwt-flowchart.png
+- http://cryto.net/~joepie91/blog/attachments/jwt-flowchart.png[flowchart, window="_blank"]
 

webgoat-lessons/jwt/src/main/resources/lessonPlans/en/JWT_refresh_assignment.adoc

@@ -1,7 +1,9 @@
+:linkattrs:
+
 == Refreshing a token
 
 It is important to implement a good strategy for refreshing an access token. This assignment is based on a vulnerability
-found in a private bug bounty program on Bugcrowd, you can read the full write up https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/[here]
+found in a private bug bounty program on Bugcrowd, you can read the full write up https://emtunc.org/blog/11/2017/jwt-refresh-token-manipulation/[here, window="_blank"]
 
 === Assignment