Discussion on "Prevent Reverse Tabnabbing Attacks With Proper noopener, noreferrer, and nofollow Attribution"

Bhanu Teja Pachipulusu · 2020-08-18T13:03:22.945Z

Now and then, when you click on a link on a website, the link will be opened in a new tab, but the old tab will also be redirected to some other phishing website where it asks you to login or starts downloading some malware to your device. In this bl...

Well explained, I actually should make more use of this, it's such a default security standard, but wel overlooked.

Just out of curiosity, does anyone know an actual script that will bogus the request with not having this in place?

Oh... May be you meant an actual website which is making use of this attack 😂. If so, i don't know of any such site, we have to wait for someone else to answer it.

Bhanu Teja Pachipulusu No this is perfect, makes sense so basicly the referal is injecting your original site with a clone.

Just always curious to see how these attacks work. Might set up an extreme sample to test haha.

Daily Dev Tips Please do share that site with us when you set it up to test. Will add that to the links. 😁

Great post, though I don't understand why this is the default behaviour of browsers. Instead noopener should be default and we could add rel="opener".

noopener ensures every tab runs in a separate process. Your browser would start crashing if you open too many tabs on slower systems. Hence, it's not the default option.

Hey @emilmoe Thanks 🙏

You can follow the discussion in github.com/whatwg/html/issues/4078 to get more insights.

Really great read, thanks for sharing!

Discussion

Prevent Reverse Tabnabbing Attacks With Proper noopener, noreferrer, and nofollow Attribution

Responses(5)

Recent in Forum

Search Hashnode

Prevent Reverse Tabnabbing Attacks With Proper noopener, noreferrer, and nofollow Attribution

Responses(5)

Recent in Forum