Typescript Reverse Tabnabbing Window Open
Description
Detects reverse tabnabbing vulnerabilities in TypeScript code where window.open() is called without the noopener (or noreferrer) window feature. Reverse tabnabbing allows an opened page to manipulate its opener window through window.opener, potentially enabling phishing attacks where the parent page is replaced with a malicious one.
Detection Strategy
• Search for window.open() function calls in TypeScript code
• Check whether the window.open() call passes noopener or noreferrer in its windowFeatures argument; without them, the opened page can reach the opener window through window.opener
• Report vulnerable locations where window.open() could enable reverse tabnabbing due to missing security attributes
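The detection strategy above, implemented as an added TypeScript example that is not Fluid Attacks' own detector: it scans source text for window.open( calls, splits the argument list at top-level commas (so a nested call such as buildUrl(a, "b,c") is read as one argument), and flags a call unless the target is _self, _parent or _top, the URL is a same-origin relative path literal, or the windowFeatures string contains noopener or noreferrer (noreferrer implies noopener). The sample source, the function names scanWindowOpen, splitTopLevelArgs, classifyCall and literalValue, and the buildUrl helper mentioned inside the sample are all constructed for this example.

```typescript
// Added example: a text-level scanner for reverse-tabnabbing window.open() calls.

interface WindowOpenFinding {
  line: number;        // 1-based source line of the call
  call: string;        // source text of the whole window.open(...) call
  vulnerable: boolean;
  reason: string;
}

// Targets that reuse the current browsing context: no new window, so no opener.
const SAME_WINDOW_TARGETS = ["_self", "_parent", "_top"];

// Contents of a simple string literal ('...', "..." or `...`), or null if the
// expression is not one (a variable, a call, a template with interpolation, ...).
function literalValue(expr: string): string | null {
  const m = /^(['"`])((?:\\[\s\S]|(?!\1)[^\\])*)\1$/.exec(expr.trim());
  return m ? m[2] : null;
}

// Split an argument list at commas that are outside string literals and
// outside nested (), [] or {}.
function splitTopLevelArgs(argText: string): string[] {
  const args: string[] = [];
  let depth = 0;
  let quote: string | null = null;
  let current = "";
  for (let i = 0; i < argText.length; i++) {
    const ch = argText[i];
    if (quote) {
      current += ch;
      if (ch === "\\" && i + 1 < argText.length) current += argText[++i];
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === "`") { quote = ch; current += ch; continue; }
    if (ch === "(" || ch === "[" || ch === "{") depth++;
    else if (ch === ")" || ch === "]" || ch === "}") depth--;
    if (ch === "," && depth === 0) { args.push(current.trim()); current = ""; continue; }
    current += ch;
  }
  if (current.trim() !== "") args.push(current.trim());
  return args;
}

// Index of the ')' closing the '(' at openIdx, honouring strings and nesting; -1 if unbalanced.
function findCloseParen(src: string, openIdx: number): number {
  let depth = 0;
  let quote: string | null = null;
  for (let i = openIdx; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === "\\") i++;
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === "`") quote = ch;
    else if (ch === "(") depth++;
    else if (ch === ")" && --depth === 0) return i;
  }
  return -1;
}

// Apply the rule's decision logic to the (url, target, windowFeatures) arguments.
function classifyCall(args: string[]): { vulnerable: boolean; reason: string } {
  const [url = "", target = "", features = ""] = args;
  const targetLit = literalValue(target);
  if (targetLit !== null && SAME_WINDOW_TARGETS.indexOf(targetLit) !== -1) {
    return { vulnerable: false, reason: "target " + targetLit + " reuses the current window" };
  }
  const urlLit = literalValue(url);
  if (urlLit !== null && urlLit[0] === "/" && urlLit[1] !== "/") {
    return { vulnerable: false, reason: "same-origin relative URL" };
  }
  if (features === "") {
    return { vulnerable: true, reason: "no windowFeatures: opened page can reach window.opener" };
  }
  const featLit = literalValue(features);
  if (featLit === null) {
    return { vulnerable: true, reason: "windowFeatures is not a string literal; verify it sets noopener" };
  }
  if (/\b(noopener|noreferrer)\b/i.test(featLit)) {
    return { vulnerable: false, reason: "windowFeatures sets noopener/noreferrer" };
  }
  return { vulnerable: true, reason: "windowFeatures lacks noopener/noreferrer" };
}

// Scan a whole source text and classify every window.open(...) call found.
function scanWindowOpen(source: string): WindowOpenFinding[] {
  const findings: WindowOpenFinding[] = [];
  const callRe = /\bwindow\s*\.\s*open\s*\(/g;
  let m: RegExpExecArray | null;
  while ((m = callRe.exec(source)) !== null) {
    const start = m.index;
    const openIdx = start + m[0].length - 1;
    const closeIdx = findCloseParen(source, openIdx);
    if (closeIdx < 0) continue; // unbalanced call: skip rather than guess
    const args = splitTopLevelArgs(source.slice(openIdx + 1, closeIdx));
    const line = source.slice(0, start).split("\n").length;
    const verdict = classifyCall(args);
    findings.push({ line, call: source.slice(start, closeIdx + 1), vulnerable: verdict.vulnerable, reason: verdict.reason });
  }
  return findings;
}

// Constructed sample source mirroring the patterns discussed on this page.
const SAMPLE_SOURCE = `
function popups(externalURL: string) {
  window.open(externalURL);
  window.open(externalURL, "_blank");
  window.open(externalURL, "_blank", "noopener,noreferrer");
  window.open("/internal-page");
  window.open(externalURL, "_self");
  window.open(buildUrl(a, "b,c"), "_blank", "width=500,height=400");
}
`;

const report = scanWindowOpen(SAMPLE_SOURCE)
  .filter((f) => f.vulnerable)
  .map((f) => "line " + f.line + ": " + f.call + " -> " + f.reason);
console.log(report.join("\n"));
```

On the sample, lines 3, 4 and 8 are reported and lines 5, 6 and 7 are accepted. A features argument that is a variable rather than a literal is reported for manual review, since the scanner cannot see whether noopener is in it.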
Vulnerable code example
// Demonstrates unsafe window.open() calls vulnerable to reverse tabnabbing
function unsafePopups() {
  const externalURL = "https://external.com";
  // Unsafe: no target or windowFeatures, so the opened page receives a window.opener reference
  window.open(externalURL);
  // Unsafe: _blank without noopener,noreferrer allows access to opener...
}
✅ Secure code example
// Demonstrates safe window.open() calls to prevent reverse tabnabbing
function safePopups() {
  const externalURL = "https://external.com";
  // Safe: internal (same-origin) URLs don't need additional protections
  window.open("/internal-page");
  // Safe: Using _self target prevents tabnabbing risk...
}