99 Percent of Web Developers Don't Know About This Very Common Vulnerability
If you are a web developer, it is very likely that you have used the target="_blank" attribute in your web application. Regardless of the framework or templating language you use, there is a good chance that you added this attribute to your HTML without considering that it might be insecure.
What Makes the target="_blank" Attribute Insecure?
When you add the target="_blank" attribute to your HTML, you are telling the browser to open the link in a new tab, but you also give the linked page partial access to the current page through the window.opener JavaScript object.
Example 1:
Let's consider the following HTML fragment in the page https://my-site.com/:
<a href="https://other-site.com" target="_blank">Other Site</a>
In the above example the opened tab (https://other-site.com) will have access to the current page (https://my-site.com/), but the current page will not have access to the opened tab.
The newly opened tab can reach the Window object of the opening tab through window.opener, so it can act on the current page as the page itself could, for example by redirecting it or injecting HTML.
Example 2:
This vulnerability is also possible with JavaScript code:
window.open("https://other-site.com", "_blank");
The same thing happens here: the opened tab will have access to the current page, but the current page will not have access to the opened tab.
How to Protect Yourself Against the target="_blank" Vulnerability?
To protect yourself against this vulnerability, you can use the following techniques:
With HTML:
Add the following attribute to your HTML element:
<a href="https://other-site.com" target="_blank" rel="noopener noreferrer">Other Site</a>
With JavaScript:
Add the following code to your JavaScript file:
window.open("https://other-site.com", "_blank", "noopener, noreferrer");
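The helper below is an added example, not code from the original article: it audits server-rendered HTML for the pattern from Example 1 (target="_blank" links whose rel lacks noopener) and rewrites them to the form shown in the HTML fix above. The sample markup is constructed, the x.example domain is a placeholder, and the attribute parsing is a regex heuristic rather than a full HTML parser.

```javascript
// Added example, not code from the original article: audit HTML for
// target="_blank" links that leave window.opener reachable, and fix them.
// Attribute parsing is a regex heuristic for templates, not a full HTML parser.
const ANCHOR_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse a tag's attribute text into an object keyed by lower-cased name.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// True when rel already severs window.opener ("noreferrer" implies "noopener").
function relIsSafe(rel) {
  const tokens = (rel || "").toLowerCase().split(/\s+/).filter(Boolean);
  return tokens.includes("noopener") || tokens.includes("noreferrer");
}

// Return every <a ...> opening tag (verbatim) that opens a new tab unsafely.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    if ((attrs.target || "").toLowerCase() === "_blank" && !relIsSafe(attrs.rel)) unsafe.push(m[0]);
  }
  return unsafe;
}

// Rewrite unsafe tags: add rel="noopener noreferrer", or append the tokens
// to an existing rel value (e.g. rel="nofollow").
function fixBlankLinks(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if ((attrs.target || "").toLowerCase() !== "_blank" || relIsSafe(attrs.rel)) return tag;
    if (attrs.rel === undefined) return tag.replace(/>$/, ' rel="noopener noreferrer">');
    return tag.replace(/\brel\s*=\s*(["'])([^"']*)\1/i,
      (_, q, v) => `rel=${q}${(v + " noopener noreferrer").trim()}${q}`);
  });
}

// Constructed sample markup: the article's link, a fixed copy, a same-tab link, an unquoted target.
const SAMPLE_HTML = `
<a href="https://other-site.com" target="_blank">Other Site</a>
<a href="https://other-site.com" target="_blank" rel="noopener noreferrer">Other Site</a>
<a href="/about" target="_self">About</a>
<a href="https://x.example/docs" target=_blank rel="nofollow">Docs</a>
`;
```

Run findUnsafeBlankLinks over your rendered pages in CI to catch the pattern before it ships; fixBlankLinks shows the mechanical rewrite for static HTML.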
Final Thoughts
That's it. I hope you found this article helpful and that you can use it to protect yourself against the target="_blank" vulnerability. Don't hesitate to follow me on Twitter: @FrenchTechLead for more fun and interesting articles.