Posts Tagged ‘HTML’

Target=”_blank” Vulnerability and How to Protect Your Sites

Browsers, How-Tos, HTML | Posted by Keefr May 1st, 2017

Markup / HTMLThis exploit is over a year old, but I just now came across it. Messing around with a security plugin for WordPress last week, there was a setting about combatting an exploit with target=”_blank” — something most developers use time and time again to open links to external sites in a new tab or window.

Turns out that hackers have found a way to exploit that as the target=”_blank” has partial access to the linking page via the window.opener object.

Luckily it’s real easy to combat, adding rel="noopener noreferrer" to each external link.

Source: JitBit – Target=”_blank” – the most underestimated vulnerability ever

Considering a New Flexible Heading HTML Tag

HTML | Posted by Keefr February 22nd, 2017

Markup / HTMLThis is one I’ve never thought about for, nor was I aware was even talked about, but there’s been talk for a long while about creating a new tag that’s not hierarchical, and thus more flexible especially for rearranging content for different devices, screen sizes, etc.

The question though is it necessary and/or worth it at this point for HTML.

Source: jakearchibald.com – Do we need a new heading element? We don’t know

HTML Entity Crimes

HTML | Posted by Keefr December 1st, 2016

markup-htmlI’m often Googling for HTML character entities that I use often — but not to remember their entity.

What’s an entity?

Here’s the formal definition, snagged from Google:
A character entity reference is an SGML construct that references a character of the document character set.The names of the entities are taken from the appendices of SGML (defined in [ISO8879]). symbols, mathematical symbols, and Greek letters. These characters may be represented by glyphs in the Adobe font “Symbol”.

The web has become a lot more forgiving (and character sets have changed), but in the past, I remember having to make sure character entities were used for every reference to an ampersand or em dashes.

Regardless, I’ve seen the article below come up more than once when I’m searching for a specific character entity. Thought it was past due to link to it.

Source: Line25 – 10 HTML Entity Crimes You Really Shouldn’t Commit

HTML Entity Tips

HTML, Web Development | Posted by Keefr February 24th, 2016

markup-htmlWhile I was doing a search this morning for an obscure HTML entity, I came across this article about 10 things people do wrong when dealing with HTML entities. It’s a great list.

Read the rest of this entry »