An Interest In:
Web News this Week
- April 20, 2024
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
target="_blank" is a security risk?
As we all use target="_blank" to open the link into new tab of a window but everyone should know a risk inside it.
When we open a new tab link window.opener
get triggered which made a limited access to the specific tab opened, for example; you can not go back in the previous page by clicking back button from your URL bar.
So what is the risk here?
when the new tab link open it can alter the Link page URL from window.opener.location
.
If your external link is not trusty that may cause a real problem to your website.
What can happen?
- Hacker can redirect your domain.
- CSRF can be performed.
- XML entities can be altered.
How to prevent this?
Do not forget to add relation attribute in your link tag rel=noopener noreferrer
In a Nutshell <a href="https://thehassantahir.web.app" target="_blank" rel="noopener noreferrer">Thehassantahir</a>
Original Link: https://dev.to/thehassantahir/targetblank-is-a-security-risk-1ee4
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To