Node Underground

Dec 23, 2018 · Information Security

Stop Phishing via target=_blank: Secure Links with rel=noopener & noreferrer

This article explains how using target="_blank" on links can expose pages to phishing attacks via the opener object, compares same‑origin and cross‑origin behaviors, and provides practical mitigation techniques such as Referrer‑Policy, rel="noreferrer" and rel="noopener" with fallback JavaScript.