Six Security Vulnerabilities learned from a Year of HackerOne
Kevin Miller

Can you elaborate on vulnerability #3, putting target="_blank" on <a> tag? If you know and control the URL in the href of that <a> tag, is there still a vulnerability? Or is this about opening links in new windows, to destinations that may come from elsewhere? Imagine a user profile with a target="_blank" link to the user’s web site. A malicious user could link to a page that tries to control the opener. Anything I’m missing?
