Javascript Target Blank Noopener Risk
Description
Detects potential Reverse Tabnabbing vulnerabilities in JavaScript code using jQuery's attribute manipulation methods. This occurs when target="_blank" links are created without the rel="noopener" attribute, allowing malicious pages to access the window.opener object and potentially redirect the original page.
Detection Strategy
• Identifies jQuery method calls that set HTML attributes on elements
• Checks if code sets target="_blank" attribute without also setting rel="noopener"
• Reports vulnerability when target="_blank" is set via jQuery .attr() without proper protection
Vulnerable code example
// External links without noopener/noreferrer are vulnerable to tabnabbing
$("a[href^='http']").each(function() {
if (!this.href.includes(window.location.hostname)) {
$(this).attr("target", "_blank"); // Vulnerable: missing rel="noopener noreferrer"
}
});✅ Secure code example
// Secure external links with noopener/noreferrer protection
$("a[href^='http']").each(function() {
if (!this.href.includes(window.location.hostname)) {
$(this)
.attr("target", "_blank")
.attr("rel", "noopener noreferrer"); // Added security attributes to prevent tabnabbing
}
});Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.