Posts Tagged ‘exploit’

Target=”_blank” Vulnerability and How to Protect Your Sites

Browsers, How-Tos, HTML | Posted by Keefr May 1st, 2017

Markup / HTMLThis exploit is over a year old, but I just now came across it. Messing around with a security plugin for WordPress last week, there was a setting about combatting an exploit with target=”_blank” — something most developers use time and time again to open links to external sites in a new tab or window.

Turns out that hackers have found a way to exploit that as the target=”_blank” has partial access to the linking page via the window.opener object.

Luckily it’s real easy to combat, adding rel="noopener noreferrer" to each external link.

Source: JitBit – Target=”_blank” – the most underestimated vulnerability ever