Html Reverse Tabnabbing Missing Rel
Description
Detects unsafe anchor tags that could enable reverse tabnabbing attacks. When links open in new tabs without the 'noreferrer' attribute, the opened page can manipulate the original page's location, potentially redirecting users to phishing sites.
Detection Strategy
• Search for anchor (<a>) tags with href attributes containing external URLs (starting with http:// or https://) or variables
• Check if the anchor tag uses target="_blank" to open in new window/tab
• Verify if the rel attribute is either missing or does not contain "noreferrer"
• Report vulnerability if all above conditions are met as this creates reverse tabnabbing risk
Vulnerable code example
<template>
<div>
<!-- Vulnerable: Opens new tab without noopener/noreferrer protection -->
<a href="https://external-site.com" target="_blank">
Click here
</a>
<!-- Vulnerable: Using only nofollow doesn't prevent reverse tabnabbing -->...✅ Secure code example
<template>
<div>
<!-- Secure: Uses noreferrer noopener to prevent reverse tabnabbing -->
<a href="https://external-site.com" target="_blank" rel="noreferrer noopener">
Click here
</a>
<!-- Secure: Order of rel attributes doesn't matter, both prevent window.opener access -->...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.