Reputation: 541
I saw the following article on Twitter: https://gosink.in/are-you-making-website-vulnerable-target-blank-or-performance/
It looks like there may be a vulnerability in case a website uses target="_blank" in an HTML anchor (a tag), to make a link that opens in a new tab.
How can I avoid this kind of vulnerability if I need to use this functionality on a website?
Upvotes: 1
Views: 3357
Reputation: 11
You should use rel="noopener" or better still rel="noopener noreferrer", but all current versions of major browsers as of 2021 automatically use the behavior of rel="noopener" for any target="_blank" link, so the issue is taken care of.
Upvotes: 1
Reputation: 541
TL;DR: According to the article, it would be safest to use rel="noopener noreferrer" in the HTML anchor.
For example:
<a href="https://google.com" target="_blank" rel="noopener noreferrer">Google it</a>
I would highly recommend reading the referenced article for a more complete understanding.
The vulnerability may be gone in some newer browsers, but I would not count on it in the near term.
Upvotes: 3
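An added example, not part of either answer above: a lint-style pass over an HTML string that finds anchors with target="_blank" and makes sure each one carries the rel="noopener noreferrer" tokens recommended in the answers, keeping any other rel tokens already present. The function names and the sample markup (apart from the Google link quoted above) are constructed for illustration, and the regex-based tag matching is an assumption that suits template output rather than arbitrary HTML.

```javascript
// Added example: lint pass that hardens <a target="_blank"> links in an HTML string.
// Assumption: tag-level regex matching is good enough for template output;
// it is not a full HTML parser (a ">" inside an attribute value would confuse it).
const REQUIRED = ["noopener", "noreferrer"];
const ANCHOR_RE = /<a(?=[\s\/>])[^>]*>/gi;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Parse one opening <a ...> tag into a map of lower-cased name -> value.
function parseAttrs(tag) {
  const attrs = new Map();
  const inner = tag.slice(2).replace(/\/?>$/, "");
  for (const m of inner.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// rel is a space-separated, case-insensitive token list.
const relTokens = (rel) => (rel || "").toLowerCase().split(/\s+/).filter(Boolean);

// Merge the required tokens into an existing rel value, keeping the others.
function hardenRel(rel) {
  const tokens = relTokens(rel);
  for (const t of REQUIRED) if (!tokens.includes(t)) tokens.push(t);
  return tokens.join(" ");
}

// Return the rewritten HTML plus the original tags that had to be changed.
function hardenBlankLinks(html) {
  const changed = [];
  const out = html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if ((attrs.get("target") || "").toLowerCase() !== "_blank") return tag;
    const have = relTokens(attrs.get("rel"));
    if (REQUIRED.every((t) => have.includes(t))) return tag; // already safe
    changed.push(tag);
    attrs.set("rel", hardenRel(attrs.get("rel")));
    const body = [...attrs].map(([k, v]) => `${k}="${v.replace(/"/g, "&quot;")}"`).join(" ");
    return `<a ${body}>`;
  });
  return { html: out, changed };
}

// Constructed sample input; only the first link is taken from the answer above.
const SAMPLE = [
  '<a href="https://google.com" target="_blank" rel="noopener noreferrer">Google it</a>',
  '<a href="https://example.com/a" target="_blank">no rel</a>',
  "<a href='https://example.com/b' target=_BLANK rel=nofollow>partial rel</a>",
  '<a href="/local">same tab</a>',
].join("\n");
console.log(hardenBlankLinks(SAMPLE).changed);
```

The `changed` list can drive a CI check that fails when any link needed rewriting.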