window.opener.location = 'https://fakewebsite/facebook.com/PHISHING-PAGE.html';Solution 1:
<a target="_blank" rel="noopener noreferrer">demo</a>Solution 2:
var newWnd = window.open();
newWnd.opener = null;Reference:
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
https://medium.com/@ali.dev/how-to-fix-target-blank-a-security-and-performance-issue-in-web-pages-2118eba1ce2f
No comments:
Post a Comment