Exploit using target="_blank"
Posted: Mon Jun 10, 2019 12:17 pm
There is a target="_blank" exploit demonstrated at this page: https://mathiasbynens.github.io/rel-noopener/
Does the same exploit work with target="_new"? Is there anything fundamentally different about how that code works, compared to target="_blank"?
I found a script for GreaseMonkey/ViolentMonkey/TamperMonkey which turns target="_blank" into target="_self" which defeats the exploit. I was wondering if there was any point in extending it to include target="_new".
Does the same exploit work with target="_new"? Is there anything fundamentally different about how that code works, compared to target="_blank"?
I found a script for GreaseMonkey/ViolentMonkey/TamperMonkey which turns target="_blank" into target="_self" which defeats the exploit. I was wondering if there was any point in extending it to include target="_new".