Skip to content

Instantly share code, notes, and snippets.

@Bradley-D
Last active May 21, 2018 07:08
Show Gist options
  • Save Bradley-D/8146737435d0fd7a967a5c8f20005bff to your computer and use it in GitHub Desktop.
Save Bradley-D/8146737435d0fd7a967a5c8f20005bff to your computer and use it in GitHub Desktop.
jQuery: Target Blank Security
$('a').each(function () {
if ($(this).attr('target') == '_blank') {
if ($(this).attr('rel')) {
this.rel += ' noopener noreferrer';
} else {
$('a').attr('rel', 'noopener noreferrer');
}
};
});
@Bradley-D
Copy link
Author

Using target="_blank" on links can open the door for a hacker to attach a website from the target website... sneaky devils. If you use the noopener noreferrer in the rel it puts a stop to those attacks.

For reference - https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment