Javascript Reverse Tabnabbing Missing Rel
Description
Detects potential reverse tabnabbing vulnerabilities in NextJS applications where links or anchor tags open in new tabs/windows without the protective rel attribute (rel="noopener noreferrer"). When a page opens a link with target="_blank", the new tab receives a window.opener reference to the page that opened it. The same-origin policy stops the destination from reading the opener, but not from navigating it: a malicious destination can set window.opener.location to a look-alike page, so the user returns to the original tab and finds a phishing page where the legitimate site used to be. rel="noopener" severs that reference; rel="noreferrer" additionally withholds the Referer header and implies noopener. Modern browsers treat target="_blank" as implying noopener, but the explicit attribute remains the portable fix for older browsers and is what this check looks for.
Detection Strategy
• Identifies anchor tags (<a>) and Link components in NextJS files that use target='_blank'
• Checks if the rel attribute is missing or doesn't include both 'noopener' and 'noreferrer' values
• Reports a vulnerability when finding external links opening in new tabs without proper security attributes
• Examines both JSX syntax in .jsx/.tsx files and regular HTML in .js/.ts files
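A minimal scanner along the lines of the strategy above, written here as an added example (it is not Fluid Attacks' detector, and the regex-based tag and attribute handling is an assumption about how such a check can be implemented). It scans constructed JSX source for <a> and <Link> tags whose target is "_blank" and reports those whose rel is absent or lacks either required token. Note that rel="noreferrer" alone is flagged because the strategy requires both tokens, even though noreferrer implies noopener per the HTML spec.

```javascript
// Added example: reverse-tabnabbing scanner for JSX/HTML sources.
// Not the original page's code; the parsing approach is an assumption.

// Constructed sample source (not taken from a real project).
const SAMPLE_SOURCE = `
import Link from 'next/link'
export function Links({ url }) {
  return (
    <>
      <a href={url} target="_blank">no rel</a>
      <a href={url} target='_blank' rel="noopener">only noopener</a>
      <a href={url} target="_blank" rel="noreferrer">only noreferrer</a>
      <a href={url} target="_blank" rel="noopener noreferrer">safe</a>
      <Link href={url} target="_blank">Link without rel</Link>
      <a href={url} target={"_blank"} rel={"noopener noreferrer"}>safe expression</a>
      <a href="/docs">same tab, no target</a>
    </>
  )
}
`

// Opening <a ...> and <Link ...> tags; closing tags start with "</" and do not match.
const TAG_RE = /<(a|Link)\b([^<>]*?)\/?>/g

// name="..." | name='...' | name={"..."} | name={'...'} | name={`...`} | name={expr} | bare name
const ATTR_RE =
  /([A-Za-z_:][\w:.-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|\{\s*(?:"([^"]*)"|'([^']*)'|`([^`]*)`|([^}]*))\s*\}))?/g

const REQUIRED_REL = ['noopener', 'noreferrer']

// Turns the attribute text of one tag into { name: { value, dynamic } }.
// A literal string (quoted, or a quoted string inside braces) is static;
// any other JSX expression is marked dynamic because its value is unknown.
function parseAttributes(attrText) {
  const attrs = {}
  for (const m of attrText.matchAll(ATTR_RE)) {
    const [, name, dq, sq, bdq, bsq, btpl, expr] = m
    const literal = dq ?? sq ?? bdq ?? bsq ?? btpl
    if (literal !== undefined) attrs[name.toLowerCase()] = { value: literal, dynamic: false }
    else if (expr !== undefined) attrs[name.toLowerCase()] = { value: expr.trim(), dynamic: true }
    else attrs[name.toLowerCase()] = { value: '', dynamic: false } // bare boolean attribute
  }
  return attrs
}

// Returns one finding per tag that opens a new tab without both rel tokens.
function findReverseTabnabbing(source) {
  const findings = []
  for (const m of source.matchAll(TAG_RE)) {
    const [, tag, attrText] = m
    const attrs = parseAttributes(attrText)
    const target = attrs.target
    // Only links that open a new browsing context can leak window.opener.
    if (!target || target.dynamic || target.value.toLowerCase() !== '_blank') continue
    const line = source.slice(0, m.index).split('\n').length
    const rel = attrs.rel
    if (!rel) {
      findings.push({ line, tag, rel: null, missing: [...REQUIRED_REL] })
      continue
    }
    // A computed rel cannot be judged statically; a production scanner would
    // report it for manual review rather than silently accept it.
    if (rel.dynamic) continue
    const tokens = rel.value.toLowerCase().split(/\s+/).filter(Boolean)
    const missing = REQUIRED_REL.filter((t) => !tokens.includes(t))
    if (missing.length) findings.push({ line, tag, rel: rel.value, missing })
  }
  return findings
}

for (const f of findReverseTabnabbing(SAMPLE_SOURCE)) {
  console.log(`line ${f.line}: <${f.tag} target="_blank"> rel=${JSON.stringify(f.rel)} missing ${f.missing.join(', ')}`)
}
```

Against the constructed sample the scanner reports four tags: the bare <a>, the noopener-only and noreferrer-only variants, and the <Link> without rel; the two links carrying both tokens and the same-tab link are left alone.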
Vulnerable code example
```jsx
import React from 'react'

export function VulnerableLink({ url, children }) {
  // Vulnerability: opens a new tab without noopener/noreferrer, so the
  // destination page receives a window.opener reference to this page
  // and can navigate it to a phishing page.
  return (
    <a href={url} target="_blank">
      {children}
    </a>
  )
}
```
✅ Secure code example
```jsx
import React from 'react'

export function SecureLink({ url, children }) {
  // rel="noopener noreferrer": noopener nulls window.opener in the new tab;
  // noreferrer also withholds the Referer header (and implies noopener),
  // but both tokens are set because the check described above requires both.
  return (
    <a href={url} target="_blank" rel="noopener noreferrer">
      {children}
    </a>
  )
}
```