Target=”_blank” – the most underestimated vulnerability ever
How to fix
Add this to your outgoing links.
rel="noopener"Update: FF does not support “noopener” so add this.
rel="noopener noreferrer"Remember, that every time you open a new window via
window.open();you’re also “vulnerable” to this, so always reset the “opener” propertyvar newWnd = window.open(); newWnd.opener = null;