The 'target =" _blank " vulnerability


#1

So I’m learning HTML and when I got to the Linking to Other Web Pages lesson part. But I’ve heard that the code _ blank can be a door to a phishing attack. Is there another way to open a new tab without being vulnerable?


#2

Seems i always end at the same article:

https://mathiasbynens.github.io/rel-noopener/

After reading it, target blank is only a problem with user generated content, this is not something to worry about when you just build the webpage and don’t allow user generated links to be posted on your website

If you do have user generated urls, use rel=noopener to <a>


#3

codecademy allows user to post links, and they indeed have noopener:

<a href="http://bit.ly/learnode" rel="nofollow noopener">http://bit.ly/learnode</a>

stolen from a random topic here on codecademy.