One of the Most Unsafe CSS Attribute: target=_blank

Andy Point

Rate me:

5.00/5 (8 votes)

18 Jul 2016CPOL1 min read

18.3K

One of the most unsafe CSS attribute: target=_blank

People who are new to blogging tend to use "target=_blank" attribute most often. This is generally a preferred choice of bloggers and content writers. "target=_blank" will open a link in a new tab and hence the user will never get a chance to go back to the previous page. This makes SEO of website or blog very good.

But there is one very big problem that bloggers don't notice and hence, it makes their blog/website vulnerable to the phishing attack. Let us tell you how:

Whenever a link is opened in a new tab, its window.opener points to the currently opened page, i.e., index.html. Now, the newly opened tab can then change the window.opener.location to some phishing page and hence malign index.html.

index.html could possibly be changed into index.html#malign which looks exactly the same as the currently opened page. This could result in hacking of your login credentials. Even Google knows this problem!!

How to Avoid Problem of target=_blank

To avoid this type of attack, add the following attribute in your links:

HTML

rel="noopener"

Firefox doesn't support rel="noopener", so use:

HTML

rel="noopener noreferrer"

A slight change in your links could save you from a large web attack. All the best!!

Let us know if you have any queries or suggestions. Please subscribe for more awesome hacks. Have a nice day!

This article was originally posted at http://www.androidtutorialpoint.com/tips-tricks/one-unsafe-attribute-target_blank

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Andy Point

Software Developer (Senior)

India

Hello Developer!

As a co-founder, I would like to welcome you to the Android Tutorial Point community!. I hope you get the best possible value at of our platform. Stick with us for a while, and we promise you will become an $$Android Rockstar$$!

Android Tutorial Point is the right platform if you want to learn about android development. We have a broad collection of tutorials on different aspects of Android Development and it is growing rapidly. Here at Android Tutorial Point we thrive to deliver the best tutorials. In this direction, we are trying to create a community that will cater to your needs, whether you are a beginner or a seasoned veteran. For the beginners that are getting started on Android Development
journey, we would suggest you to begin with our Android Basics Tutorial available at http://www.androidtutorialpoint.com/category/basics/ . Here, we feature articles on how to start with Android programming.

All the best from the Android Tutorial Point team. Don't forget to subscribe our blog for latest android tutorials. You can reach out to us at our Facebook page https://www.facebook.com/androidtutorialpoint/ or Add us on Twitter https://twitter.com/androidtutpoint/ . Any ideas or suggestions? Shoot us an email at androidtutorialspoint@gmail.com

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

One of the Most Unsafe CSS Attribute: target=_blank

How to Avoid Problem of target=_blank

License

Comments and Discussions