Detectify
Knowledge Base


External Links using target='_blank'

Last Updated: Apr 21, 2017 11:47PM CEST

An outgoing link has the attribute target="_blank" without also setting rel="noopener". When such a link is clicked, the target site can change the location of the original window.

What can happen?

A great demo can be found here: https://dev.to/ben/the-targetblank-vulnerability-by-example

Suppose x.com contains a link to y.com. When a user clicks that link, y.com opens in a new tab while x.com stays in the original tab. However, y.com now also has control over the original tab and can change its address to whatever it wants. This technique is used in phishing to trick the visitor.

Remediation

The recommended remediation is to stop using target="_blank". Let users choose how the link should be opened instead of forcing "open in new tab" onto them.

However, if you still want to use target="_blank", make sure to add rel="noopener" to the a-tag. This prevents the new page from controlling the original tab.
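As an added example (not Detectify's code), the following Node.js script scans an HTML fragment for anchors that use target="_blank" without rel="noopener" (or rel="noreferrer", which also severs the window.opener reference) and rewrites them with the remediation described above; the HTML sample is constructed for the demo.

```javascript
// Added example: detect and fix target="_blank" links lacking rel="noopener".
// Constructed sample markup; links A and C are the vulnerable ones.
const SAMPLE_HTML = [
  '<p>Read more at <a href="https://example.com/a" target="_blank">Site A</a>,',
  '<a href="https://example.com/b" target="_blank" rel="noopener">Site B</a>,',
  "<a href='https://example.com/c' target='_blank' rel='nofollow'>Site C</a>,",
  '<a href="https://example.com/d" target="_blank" rel="noreferrer">Site D</a>',
  'and <a href="/local" target="_self">Site E</a>.</p>',
].join('\n');

// Parse the attribute text of a start tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// True when the anchor opens a new tab that keeps a window.opener reference.
function opensUnsafeTab(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  // rel="noreferrer" also nulls window.opener, so either token is acceptable.
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Return the href of every anchor that needs remediation.
function findUnsafeLinks(html) {
  const out = [];
  const tagRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (opensUnsafeTab(attrs)) out.push(attrs.href || '');
  }
  return out;
}

// Rewrite unsafe anchors: extend an existing rel attribute or add a new one.
function hardenLinks(html) {
  return html.replace(/<a\b([^>]*)>/gi, (tag, attrText) => {
    if (!opensUnsafeTab(parseAttrs(attrText))) return tag;
    const relRe = /\brel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
    if (relRe.test(tag)) {
      return tag.replace(relRe, (_, d, s, u) => `rel="${(d ?? s ?? u).trim()} noopener"`);
    }
    return tag.replace(/>$/, ' rel="noopener">');
  });
}

console.log('Unsafe links:', findUnsafeLinks(SAMPLE_HTML));
console.log(hardenLinks(SAMPLE_HTML));
```

Current browsers treat target="_blank" as implying noopener by default, but an explicit rel="noopener" still protects visitors on older browsers and documents the intent in the markup.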

Resources

support@detectify.com