As we all use target="_blank" to open the link into new tab of a window but everyone should know a risk inside it.
When we open a new tab link
window.opener get triggered which made a limited access to the specific tab opened, for example; you can not go back in the previous page by clicking back button from your URL bar.
So what is the risk here?
when the new tab link open it can alter the Link page URL from
If your external link is not trusty that may cause a real problem to your website.
What can happen?
- Hacker can redirect your domain.
- CSRF can be performed.
- XML entities can be altered.
How to prevent this?
Do not forget to add relation attribute in your link tag
In a Nutshell
<a href="https://thehassantahir.web.app" target="_blank" rel="noopener noreferrer">Thehassantahir</a>