See more
Remember, that every time you open a new window via window.open(); you’re also “vulnerable” to this, so always reset the “opener” property
window.opener.location = ‘https://fakewebsite/facebook.com/PHISHING-PAGE.html';