Can you elaborate on vulnerability #3, putting target=”_blank” on <a> tag? If you know and control the url in the href of that <a> tag, is there still a vulnerability? Or is this about opening links in new windows, to destinations that may come from elsewhere? Imagine a user profile with a target=”_blank” link to the user’s web site. A malicious user could link to a page that tries to control the opener. Anything I’m missing?