TIL that target="_blank" is bad. Who knew? (Hackers.)

We all love target="_blank", which makes links open in a new window. The problem is that the page opened in the new window gets a reference to the original window through window.opener, so it can redirect the original tab to a spoofed URL.

Scary, right? Someone can post a link on your forum or in the comments of your blog and go to town. In the meantime, be careful of your clicks.

Try the example here to see it in action: http://lcamtuf.coredump.cx/switch/ or here https://mathiasbynens.github.io/rel-noopener
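If you accept links from users, adding rel="noopener noreferrer" to every target="_blank" anchor leaves window.opener null in the page that opens. The function below is an added example, not code from this post or the linked demos; `hardenBlankLinks` and `hardenRel` are hypothetical names, and it assumes the HTML has already been through a sanitizer that emits well-formed `<a>` tags.

```javascript
// Added example: add rel="noopener noreferrer" to target="_blank" links
// in comment/forum HTML before it is rendered.
// Assumption: input is sanitizer output (well-formed tags, no ">" inside
// attribute values). This is a post-processing pass, not an HTML parser.
const REQUIRED_REL = ['noopener', 'noreferrer'];

// Merge the required tokens into an existing rel value, keeping
// whatever the author already set (e.g. "nofollow").
function hardenRel(existing) {
  const tokens = (existing || '').split(/\s+/).filter(Boolean);
  const seen = new Set(tokens.map((t) => t.toLowerCase()));
  for (const required of REQUIRED_REL) {
    if (!seen.has(required)) tokens.push(required);
  }
  return tokens.join(' ');
}

function hardenBlankLinks(html) {
  // Require whitespace before the attribute name so that
  // data-target="_blank" is not mistaken for target="_blank".
  const targetRe = /(?:^|\s)target\s*=\s*(["']?)_blank\1(?=\s|$)/i;
  const relRe = /(^|\s)rel\s*=\s*(["'])(.*?)\2/i;

  return html.replace(/<a(\s[^>]*)>/gi, (tag, attrs) => {
    // Links that stay in the same tab are left alone.
    if (!targetRe.test(attrs)) return tag;

    if (relRe.test(attrs)) {
      // Rewrite the existing rel attribute in place.
      const fixed = attrs.replace(
        relRe,
        (_m, lead, _q, value) => `${lead}rel="${hardenRel(value)}"`
      );
      return `<a${fixed}>`;
    }
    // No rel attribute yet: append one.
    return `<a${attrs} rel="${hardenRel('')}">`;
  });
}

// Constructed sample input, as a forum comment might contain it.
const sample = '<p>See <a href="https://example.com" target="_blank">this</a></p>';
console.log(hardenBlankLinks(sample));
```
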

 
