What is Tabnabbing and how can you prevent it?


Beware when you use target=”_blank” next time

Setting the target attribute of an anchor tag to "_blank" is quite common when you want to open the link in a new tab of the browser. What is not commonly understood is that this can lead to a vulnerability known as tabnabbing.

Definition:

“Tabnabbing is a computer exploit and phishing attack, which persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack causes the browser to navigate to the impersonated page after the page has been left unattended for some time. A user who returns after a while and sees the login page may be induced to believe the page is legitimate and enter their login, password and other details that will be used for improper purposes. Read more about Tabnabbing.”

Solution:

You can easily avoid this potential vulnerability by adding a rel attribute to the anchor tag and setting it to "noreferrer noopener".

So next time you write code that looks like

 <a href="https://www.greyneuronconsulting.com" target="_blank">Grey Neurons consulting</a>

take an extra moment and don’t forget to add the rel attribute.

  <a href="https://www.greyneuronconsulting.com" target="_blank" rel="noopener noreferrer">CodeElan Technologies</a>
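
To find and fix such links across existing markup, the following JavaScript (an added example, not code from the original post) scans an HTML string for anchors with target="_blank" and appends any missing noopener/noreferrer tokens to rel. The function names and sample links are assumptions made for illustration, and the regex-based tag matching is an approximation rather than a full HTML parser.

```javascript
// Added example: lint and repair target="_blank" links in an HTML string.
// Regex tag matching is an approximation for template linting, not a full parser.
const REQUIRED = ["noopener", "noreferrer"];
const ANCHOR = /<a(?=[\s>])(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Split one opening <a ...> tag into [name, value] pairs (value is null if bare).
function parseAttrs(tag) {
  return [...tag.slice(2, -1).matchAll(ATTR)].map((m) => [
    m[1].toLowerCase(),
    m[2] ?? m[3] ?? m[4] ?? null,
  ]);
}

// rel tokens are space-separated and case-insensitive; list the ones absent.
function missingRel(rel) {
  const have = new Set((rel || "").toLowerCase().split(/\s+/));
  return REQUIRED.filter((t) => !have.has(t));
}

// Rewrite every <a target="_blank"> that lacks noopener/noreferrer.
// Returns the new HTML plus the hrefs of the links that were changed.
function hardenBlankTargets(html) {
  const fixed = [];
  const out = html.replace(ANCHOR, (tag) => {
    const attrs = parseAttrs(tag);
    const get = (name) => (attrs.find(([k]) => k === name) || [])[1];
    if ((get("target") || "").toLowerCase() !== "_blank") return tag;
    const missing = missingRel(get("rel"));
    if (missing.length === 0) return tag; // already hardened
    const rel = [get("rel"), ...missing].filter(Boolean).join(" ");
    const rest = attrs.filter(([k]) => k !== "rel").concat([["rel", rel]]);
    fixed.push(get("href") || "(no href)");
    const text = rest.map(([k, v]) =>
      v === null ? k : `${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a ${text.join(" ")}>`;
  });
  return { html: out, fixed };
}

// Constructed sample input (not from the original page).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">unsafe</a>',
  "<a href='https://example.com/b' target=_BLANK rel='nofollow'>partial</a>",
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">safe</a>',
  '<a href="https://example.com/d">same tab</a>',
].join("\n");
const report = hardenBlankTargets(SAMPLE);
console.log(report.fixed, "\n" + report.html);
```

Existing rel tokens such as nofollow are preserved, and running the function a second time on its own output changes nothing.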