target='_blank'
attribute without rel='noopener noreferrer'
JS-0712 93 fill="currentColor"
94 /></svg
95 ></a>
96 <a href="https://twitter.com/nuxt_js" target="_blank" 97 ><svg
98 class="w-6 h-6 text-gray-600 hover:text-gray-800"
99 xmlns="http://www.w3.org/2000/svg"
76 </p>
77 </div>
78 <div class="flex justify-center pt-4 space-x-2">
79 <a href="https://github.com/nuxt/nuxt.js" target="_blank" 80 ><svg
81 class="w-6 h-6 text-gray-600 hover:text-gray-800"
82 xmlns="http://www.w3.org/2000/svg"
58 We recommend you take a look at the
59 <a
60 href="https://nuxtjs.org"
61 target="_blank" 62 class="text-green-500 hover:underline"
63 >Nuxt documentation</a
64 >, whether you are new or have previous experience with the
11 <a
12 class="flex justify-center pt-8 sm:pt-0"
13 href="https://nuxtjs.org"
14 target="_blank" 15 >
16 <svg
17 width="218"
A malicious actor can gain full control over the user's DOM window object. This can lead to phishing attacks such as fake login prompts or password alerts being shown to the user.
Using target='_blank'
links grants the page we are linking to a partial access to the source page via the window.opener
object.
The newly opened tab can then change the window.opener.location
to some phishing page.
Or execute some JavaScript on the opener page on their behalf.
Since the users trust the page that is already opened, they won't get suspicious and this might result in a security risk.
<a href="http://example.com" target="_blank" >link</a>
<a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>