Taylor Barr

556 days ago

Correct your _blank hrefs from phishing attacks.

Target=”_blank” — the most underestimated vulnerability ever

medium.com

The newly opened tab can then change the window.opener.location to some phishing page. Or execute some JavaScript on the opener-page on your behalf… Users trust the page that is already opened, they won’t get suspicious. Add this to your outgoing links.