Target="_blank" Vulnerability and How to Protect Your Sites

This exploit is over a year old, but I just now came across it. Messing around with a security plugin for WordPress last week, there was a setting about combatting an exploit with target="_blank" — something most developers use time and time again to open links to external sites in a new tab or window.

Turns out that hackers have found a way to exploit that, as the page opened with target="_blank" has partial access to the linking page via the window.opener object.

Luckily it’s real easy to combat: add rel="noopener noreferrer" to each external link.

Source: JitBit – Target="_blank" – the most underestimated vulnerability ever
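
One way to apply this fix across existing markup, as an added example that is not from the original post or from JitBit: a Node.js function that finds `<a>` tags with `target="_blank"` in an HTML string and merges `noopener noreferrer` into `rel`. It goes slightly beyond the post by hardening every `target="_blank"` link rather than only external ones; the function names and the sample markup are assumptions made for illustration.

```javascript
// Added example: the rel tokens the post recommends for target="_blank" links.
const REQUIRED_REL = ["noopener", "noreferrer"];
// One opening <a ...> tag; quoted attribute values may contain ">".
const A_TAG = /<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
// One attribute: name, then optionally ="v", ='v' or =v.
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
// rel is a space-separated, case-insensitive token list.
const relTokens = (rel) => (rel || "").toLowerCase().split(/\s+/).filter(Boolean);
const isHardened = (rel) => REQUIRED_REL.every((t) => relTokens(rel).includes(t));

// Add the missing tokens while keeping existing ones such as "nofollow".
function mergeRel(rel) {
  const kept = (rel || "").split(/\s+/).filter(Boolean);
  const missing = REQUIRED_REL.filter((t) => !relTokens(rel).includes(t));
  return kept.concat(missing).join(" ");
}

// Rewrite every <a target="_blank"> in an HTML string so that its rel carries
// both tokens. Returns the new HTML and the number of tags that were changed.
function hardenBlankLinks(html) {
  let fixed = 0;
  const out = html.replace(A_TAG, (tag, attrText) => {
    let target = null, rel = null;
    for (const m of attrText.matchAll(ATTR)) {
      const name = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4] ?? "";
      // Browsers honour the first occurrence of a duplicated attribute.
      if (name === "target" && target === null) target = value;
      if (name === "rel" && rel === null) rel = { value, start: m.index, end: m.index + m[0].length };
    }
    if (target === null || target.trim().toLowerCase() !== "_blank") return tag;
    if (rel && isHardened(rel.value)) return tag;
    fixed += 1;
    const attr = `rel="${mergeRel(rel ? rel.value : "").replace(/"/g, "&quot;")}"`;
    const body = rel
      ? attrText.slice(0, rel.start) + attr + attrText.slice(rel.end)
      : attrText.replace(/\s+$/, "") + " " + attr;
    return tag.slice(0, 2) + body + ">";
  });
  return { html: out, fixed };
}

// Constructed sample markup (not from the original post).
const SAMPLE = [
  '<a href="https://other.example/" target="_blank">no rel</a>',
  '<a href="https://other.example/" target="_blank" rel="nofollow">partial rel</a>',
  "<a target=_blank href='https://other.example/' rel='noopener noreferrer'>already safe</a>",
  '<a href="/about">same tab</a>',
].join("\n");
console.log(hardenBlankLinks(SAMPLE));
```

Current browsers already treat `target="_blank"` links as `noopener` by default, so the explicit attribute mainly protects visitors on older browsers. `noreferrer` additionally withholds the Referer header from the destination site.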
