If you are a web developer, It’s very likely that you have used the
target="_blank" attribute in your web application, regardless of the Framework or the templating language used, there is a good chance that you added this attribute to your HTML without considering the fact that this attribute might be unsecure.
What Makes The target=“_blank” attribute Unsecure?
When you add the
target="_blank" attribute to your HTML, you are telling the browser that you want to open the link in a new tab, but you also give partial access to the linked page to the current page thanks to the
Let’s consider the following HTML fragment in the page
<a href="https://other-site.com" target="_blank">Other Site</a>
In the above example the opened tab (
https://other-site.com) will have access to the current page(
https://my-site.com/), but the current page will not have access to the opened tab.
The newly opened tab can access all the
Window Object of the openning tab, so it can do anything that the current page can do, like: redirection, html injection, etc.
window.open("https://other-site.com", "_blank" );
the same thing happens here, the opened tab will have access to the current page, but the current page will not have access to the opened tab.
How To Protect Yourself Against The target=“_blank” Vulnerability?
To protect yourself against this vulnerability, you can use the following techniques:
With HTML :
Add the following attribute to your HTML element:
<a href="https://other-site.com" target="_blank" rel="noopener noreferrer">Other Site</a>
window.open("https://other-site.com", "_blank", "noopener, noreferrer");
That’s it, I hope you found this article helpful and that you can use it to protect yourself against the target=“_blank” vulnerability. Don’t hesitate to follow me on Twitter: @FrenchTechLead for more fun and interesting articles.