TIL that target=”_blank” is bad. Who knew? (Hackers.)

We all love the target=”_blank” code, which makes links open in a new window. The problem is that once the new window (window.opener) is opened, the new page can have access to the original window, allowing a spoofed URL or redirect.

Scary, right? Someone can post a link on your forum or in the comments of your blog and go to town. In the meantime, be careful of your clicks.

Try the example here to see it in action: http://lcamtuf.coredump.cx/switch/ or here https://mathiasbynens.github.io/rel-noopener

 

Her work on our website took it from simple to extraordinary!

Mike in MI – Website Design
Powered by Wordpress Proudly 100% USA Ask us about silver and gold as barter coins

©2000-2018 SW33T Design.