Typescript Target Blank Noopener Risk
Description
Detects potential reverse tabnabbing vulnerabilities in jQuery code that opens links in new tabs or windows. When a link is opened with target="_blank" and no rel="noopener" attribute, the opened page receives a reference to the original window through window.opener and can, for example, navigate it to a different URL.
Detection Strategy
• Check for jQuery attr() or prop() calls that set the 'target' attribute to '_blank'
• Check whether the same element is missing a 'rel' attribute that contains 'noopener'
• Report a vulnerability if target='_blank' is set without rel='noopener' protection
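The three checks above as an added, runnable example (not Fluid Attacks' own engine): a heuristic scanner over jQuery source text that treats each semicolon-terminated statement as the unit in which target="_blank" and a rel containing "noopener" must appear together. It goes slightly beyond the page by also recognising jQuery's object form, attr({ target: "_blank", rel: "noopener" }); the sample input is constructed for the demonstration.

```javascript
// Heuristic scanner for the rule above (added example, not Fluid Attacks' engine).
// Unit of analysis: one ';'-terminated statement; target="_blank" and a rel
// containing "noopener" must both be set there (chained or object form).
const TARGET_BLANK =                      // attr("target", "_blank")
  /\.(attr|prop)\(\s*(['"])target\2\s*,\s*(['"])_blank\3\s*\)/;
const TARGET_BLANK_OBJ =                  // attr({ target: "_blank", ... })
  /\.(attr|prop)\(\s*\{[^}]*\btarget\s*:\s*(['"])_blank\2[^}]*\}/;
const REL_NOOPENER =                      // attr("rel", "... noopener ...")
  /\.(attr|prop)\(\s*(['"])rel\2\s*,\s*(['"])[^'"]*\bnoopener\b[^'"]*\3\s*\)/;
const REL_NOOPENER_OBJ =                  // attr({ rel: "... noopener ...", ... })
  /\.(attr|prop)\(\s*\{[^}]*\brel\s*:\s*(['"])[^'"]*\bnoopener\b[^'"]*\2[^}]*\}/;

// Returns one finding per statement that sets target="_blank" without a
// noopener rel in the same statement: { line, call, snippet }.
function findTabnabbingRisks(source) {
  // Drop // line comments (but not the // inside "http://..." strings).
  const code = source.replace(/(^|[^:'"])\/\/[^\n]*/g, "$1");
  const findings = [];
  let stmtStart = 0;
  let line = 1;
  for (let i = 0; i <= code.length; i++) {
    if (i !== code.length && code[i] !== ";") continue;
    const stmt = code.slice(stmtStart, i + 1);
    const hit = TARGET_BLANK.exec(stmt) || TARGET_BLANK_OBJ.exec(stmt);
    if (hit && !REL_NOOPENER.test(stmt) && !REL_NOOPENER_OBJ.test(stmt)) {
      const offset = stmt.slice(0, hit.index).split("\n").length - 1;
      findings.push({ line: line + offset, call: hit[1], snippet: hit[0] });
    }
    line += stmt.split("\n").length - 1;
    stmtStart = i + 1;
  }
  return findings;
}

// Constructed sample input: lines 2 and 5 should be reported, 7 and 8 are safe.
const SAMPLE = `$("a[href^='http']").each(function() {
  $(this).attr("target", "_blank"); // no rel at all
});
$("a.partner").each(function() {
  $(this).attr("target", "_blank").attr("rel", "nofollow"); // rel lacks noopener
});
$("a.docs").attr({ target: "_blank", rel: "noopener noreferrer" }); // object form, safe
$("a.ext").attr("target", "_blank").attr("rel", "noopener noreferrer"); // chained, safe
`;

console.log(findTabnabbingRisks(SAMPLE).map((f) => `line ${f.line}: ${f.snippet}`));
```

The scanner is deliberately statement-local: a rel="noopener" set in a different statement on the same element is not credited, which produces false positives but never silently misses the pattern the rule describes.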
Vulnerable code example
// External link handler without security attributes
$("a[href^='http']").each(function() {
  $(this).attr("target", "_blank"); // Vulnerable: missing rel="noopener" allows reverse tabnabbing
});

✅ Secure code example
// External link handler with security attributes
$("a[href^='http']").each(function() {
  $(this)
    .attr("target", "_blank")
    .attr("rel", "noopener noreferrer"); // Safe: prevents reverse tabnabbing attacks
});

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.