Today I was reading about the never-ending target="_blank" vulnerability.
What is it? Have you ever used the target attribute?
It simply tells the browser where to open the linked document. You have probably used it combined with the “_blank” value, right? It’s just a convoluted way to say: “hey browser, open this page in a new window or a new tab, thank you”.
Are you with me? So what’s the problem?
target="_blank" is one of the most underestimated vulnerabilities.
Why? When you click on a link that has target="_blank" set, the newly opened page gains partial access to the linking page. Incredible, isn’t it?
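
That partial access is the `window.opener` reference the new page receives, and `rel="noopener"` (or `noreferrer`) on the link removes it. The audit below is an added example, not code from the original post: the function names and the sample HTML are made up for illustration, and the regex parsing is a simplification that a real HTML parser should replace.

```javascript
// Constructed sample input: two risky links, one hardened link, one same-tab link.
const SAMPLE_HTML = `
<a href="https://example.com/a" target="_blank">no rel at all</a>
<a href="https://example.com/b" target="_blank" rel="noopener noreferrer">hardened</a>
<a href="https://example.com/c" target='_BLANK' rel="nofollow">rel lacks noopener</a>
<a href="/local">same tab</a>
`;

const ANCHOR_RE = /<a\b[^>]*>/gi;

// Read one attribute value (double-quoted, single-quoted or unquoted) from an opening tag.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s"'>]+))`, "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// True when the link opens a new tab and its rel has neither noopener nor noreferrer.
function isUnsafeBlank(tag) {
  const target = getAttr(tag, "target");
  if (!target || target.toLowerCase() !== "_blank") return false;
  const rel = (getAttr(tag, "rel") || "").toLowerCase().split(/\s+/);
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

// Return the opening tags that need attention.
function findUnsafeLinks(html) {
  return (html.match(ANCHOR_RE) || []).filter(isUnsafeBlank);
}

// Return the HTML with rel="noopener noreferrer" added to every risky link.
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    if (!isUnsafeBlank(tag)) return tag;
    const rel = getAttr(tag, "rel");
    if (rel === null) return tag.replace(/>$/, ' rel="noopener noreferrer">');
    // Existing rel: keep its tokens and append the missing ones.
    const relRe = /(\srel\s*=\s*)(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i;
    return tag.replace(relRe, (_, pre) => `${pre}"${rel.trim()} noopener noreferrer"`);
  });
}

console.log(findUnsafeLinks(SAMPLE_HTML)); // the two risky opening tags
console.log(hardenLinks(SAMPLE_HTML));
```

Current browsers already treat target="_blank" as if rel="noopener" were set; the explicit attribute covers older ones.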