
One of the Most Unsafe CSS Attribute: target=_blank

18 Jul 2016 | CPOL | 1 min read

People who are new to blogging tend to use the "target=_blank" attribute most often, and it is generally a preferred choice of bloggers and content writers. "target=_blank" opens a link in a new tab, so the original page stays open and the user never has to go back to it. This makes the SEO of the website or blog very good.

But there is one very big problem that bloggers don't notice, and it makes their blog/website vulnerable to a phishing attack. Let us tell you how:

Whenever a link is opened in a new tab, the new tab's window.opener points to the page that opened it, i.e., index.html. The newly opened tab can then change window.opener.location to some phishing page, replacing index.html in the original tab.

index.html could be changed into index.html#malign, which looks exactly the same as the page the user had open. This could result in your login credentials being stolen. Even Google knows about this problem!!

How to Avoid Problem of target=_blank

To avoid this type of attack, add the following attribute in your links:

rel="noopener"

Firefox doesn't support rel="noopener", so use:

rel="noopener noreferrer"

A slight change in your links could save you from a large web attack. All the best!!

Let us know if you have any queries or suggestions. Please subscribe for more awesome hacks. Have a nice day!

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)