Monday, July 18, 2016

One of the most unsafe CSS attributes: target=_blank

People who are new to blogging tend to use the target="_blank" attribute most often. It is generally a preferred choice of bloggers and content writers. target="_blank" opens a link in a new tab, and hence the user will never get a chance to go back to the previous page. This makes the SEO of the website or blog very good.

But there is one very big problem that bloggers don't notice, and it makes their blog or website vulnerable to phishing attacks. Let us tell you how:

Whenever a link is opened in a new tab, the new tab's window.opener points to the currently opened page, i.e. index.html. The newly opened tab can then change window.opener.location to some phishing page and hence malign index.html.

index.html could be changed into index.html#malign, which looks exactly the same as the currently opened page. This could result in the hacking of your login credentials. Even Google knows about this problem!

To avoid this type of attack, add the following attribute to your links:

rel="noopener"

Firefox doesn't support rel="noopener", so use:

rel="noopener noreferrer"

A slight change in your links could save you from a large web attack. All the Best!!
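
A build-time check for the fix described above, as an added example that is not part of the original post: it scans an HTML string for `<a>` tags with target="_blank" and appends whichever of noopener and noreferrer is missing from rel. The function names and the sample markup are constructed for illustration, and the regex-based tag matching assumes ordinary template markup rather than a full HTML parser.

```javascript
// Added example: find target="_blank" links that lack the rel tokens the post recommends.
const REQUIRED = ["noopener", "noreferrer"];
// Opening <a ...> tag; tolerates ">" inside quoted attribute values.
const A_TAG = /<a(?=[\s\/>])((?:[^>"']|"[^"]*"|'[^']*')*)>/gi;
// name, name=value, name="value" or name='value'
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function parseAttrs(src) {
  const attrs = new Map();
  for (const m of src.matchAll(ATTR)) {
    const name = m[1].toLowerCase();
    // Browsers keep the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Returns the rewritten HTML plus one finding per link that needed fixing.
function hardenBlankLinks(html) {
  const findings = [];
  const fixed = html.replace(A_TAG, (tag, attrSrc) => {
    const attrs = parseAttrs(attrSrc);
    if ((attrs.get("target") || "").trim().toLowerCase() !== "_blank") return tag;
    const rel = (attrs.get("rel") || "").split(/\s+/).filter(Boolean);
    const have = new Set(rel.map((t) => t.toLowerCase()));
    const missing = REQUIRED.filter((t) => !have.has(t));
    if (missing.length === 0) return tag; // already protected, leave untouched
    findings.push({ href: attrs.get("href") || "", missing });
    attrs.set("rel", [...rel, ...missing].join(" ")); // keep existing tokens such as nofollow
    const out = [...attrs].map(([k, v]) => `${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a ${out.join(" ")}>`;
  });
  return { html: fixed, findings };
}

// Constructed sample markup (not from the original post).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">unprotected</a>',
  "<a target=_BLANK rel='nofollow' href=https://example.com/b>partial</a>",
  '<a href="https://example.com/c" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="/local">same tab</a>',
].join("\n");

const result = hardenBlankLinks(SAMPLE);
console.log(result.findings);
console.log(result.html);
```

The findings list can fail a CI job or a template lint step, while the returned html shows the corrected tag for each offending link.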

Let us know if you have any queries or suggestions. Please subscribe for more awesome hacks. Have a nice day.

