
One of the Most Unsafe CSS Attributes: target=_blank

18 Jul 2016, CPOL

People who are new to blogging tend to use the "target=_blank" attribute most often, and it is generally a preferred choice of bloggers and content writers. "target=_blank" opens a link in a new tab, so the user never gets a chance to go back to the previous page. This makes the SEO of the website or blog very good.

But there is one very big problem that bloggers don't notice, and it makes their blog or website vulnerable to a phishing attack. Let us tell you how:

Whenever a link is opened in a new tab, the new tab's window.opener points to the page that opened it, i.e., index.html. The newly opened tab can then change window.opener.location to some phishing page and hence malign index.html.

index.html could be changed into index.html#malign, which looks exactly the same as the currently opened page. This could result in hacking of your login credentials. Even Google knows about this problem!!

How to Avoid the Problem of target=_blank

To avoid this type of attack, add the following attribute in your links:

rel="noopener"

Firefox doesn't support rel="noopener", so use:

rel="noopener noreferrer"
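
One way to audit existing markup for this fix, as an added example that is not part of the original article: the hypothetical hardenBlankLinks helper scans an HTML string for links that use target=_blank and gives each one rel="noopener noreferrer", keeping any rel tokens already present. The sample markup is constructed.

```javascript
// Added example, not from the article. hardenBlankLinks and getAttr are
// hypothetical helper names. The regex scan is a lint pass over ordinary
// markup, not a full HTML parser.
const ANCHOR = /<a\b[^>]*>/gi;
const REL_ATTR = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i;

// Return the value of an attribute (quoted or unquoted), or null if absent.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Find every <a target=_blank> lacking noopener+noreferrer and repair it.
function hardenBlankLinks(html) {
  const findings = [];
  const fixed = html.replace(ANCHOR, (tag) => {
    const target = getAttr(tag, 'target');
    if (target === null || target.toLowerCase() !== '_blank') return tag;
    const rel = getAttr(tag, 'rel');
    const tokens = new Set((rel || '').toLowerCase().split(/\s+/).filter(Boolean));
    if (tokens.has('noopener') && tokens.has('noreferrer')) return tag;
    findings.push(tag); // report the original, unsafe tag
    tokens.add('noopener').add('noreferrer'); // keep existing tokens such as nofollow
    const relAttr = ` rel="${[...tokens].join(' ')}"`;
    return rel === null
      ? tag.replace(/\s*(\/?>)$/, (_, end) => relAttr + end) // no rel yet: append one
      : tag.replace(REL_ATTR, () => relAttr); // rewrite the existing rel
  });
  return { fixed, findings };
}

// Constructed sample markup.
const sample = [
  '<a href="https://example.com/a" target="_blank">no rel</a>',
  '<a href="https://example.com/b" target=_blank rel="nofollow">other rel only</a>',
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="/local">same tab</a>',
].join('\n');

const report = hardenBlankLinks(sample);
console.log(`${report.findings.length} unsafe link(s) found`);
console.log(report.fixed);
```
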

A slight change in your links could save you from a large web attack. All the best!!

Let us know if you have any queries or suggestions. Please subscribe for more awesome hacks. Have a nice day!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Andy Point
Software Developer (Senior)
India
Hello Developer!

As a co-founder, I would like to welcome you to the Android Tutorial Point community! I hope you get the best possible value out of our platform. Stick with us for a while, and we promise you will become an $$Android Rockstar$$!

Android Tutorial Point is the right platform if you want to learn about Android development. We have a broad collection of tutorials on different aspects of Android development and it is growing rapidly. Here at Android Tutorial Point we strive to deliver the best tutorials. In this direction, we are trying to create a community that will cater to your needs, whether you are a beginner or a seasoned veteran. For beginners who are getting started on the Android development journey, we suggest you begin with our Android Basics Tutorial available at http://www.androidtutorialpoint.com/category/basics/ . Here, we feature articles on how to start with Android programming.


All the best from the Android Tutorial Point team. Don't forget to subscribe to our blog for the latest Android tutorials. You can reach out to us at our Facebook page https://www.facebook.com/androidtutorialpoint/ or add us on Twitter https://twitter.com/androidtutpoint/ . Any ideas or suggestions? Shoot us an email at androidtutorialspoint@gmail.com

Comments and Discussions

 
Question: More hype than real concern (Noobs R Us, 21-Jan-17 16:57)
News: article (thewazz, 9-Oct-16 14:11)
Answer: Further Explanation (Phương Lâm Nguyễn Bình, 20-Jul-16 17:00)
Question: Please explain further (Member 11963924, 19-Jul-16 23:01)
Answer: Re: Please explain further (Akinmade Bond, 24-Jul-16 12:54)

Question: What exactly is the problem??? (James Curran, 18-Jul-16 8:19)
This is more of a headline than an article. It skips over much detail.
  • What is the effect of changing "window.opener.location"?
  • How can this malign a website?
  • How can this "result in hacking of your login credentials"?
  • What does Google know about this problem, and what are they doing about it?
  • What exactly do "noopener" and "noreferrer" do?
  • Do those rel attributes solve the problem, or do I still have to stop using "target=_blank"?
Truth,

James

Answer: Re: What exactly is the problem??? (Akinmade Bond, 24-Jul-16 12:53)
