This is my first Project guys, please give your valuable feedback.
- Target blank vulnerability
<a href="https://en.wikipedia.org/wiki/Paul_Walker" target="_blank">Paul Walker</a>
Note: When using target, consider adding rel="noopener noreferrer"
to avoid exploitation of the window.opener API.
TL;DR If window.opener is set, a page can trigger a navigation in the opener regardless of security origin.
People using target=’_blank’ links usually have no idea about this curious fact:
The page we’re linking to gains partial access to the linking page via the window.opener object.
How to fix
Add this to your outgoing links.
Update: FF does not support “noopener” so add this.
Remember, that every time you open a new window via window.open(); you’re also “vulnerable” to this, so always reset the “opener” property
var newWnd = window.open(); newWnd.opener = null;
- You can use an address element (more descriptive):
<p>Coded By <a href="https://www.facebook.com/pawan.sarswat.14" target="_blank">- Pawan Sarswat</a> </p>
<address>element supplies contact information for its nearest
<body>ancestor; in the latter case, it applies to the whole document.
- To represent an arbitrary address, one that is not related to the contact information, use a
<p>element rather than the
- This element should not contain more information than the contact information, like a publication date (which belongs in a element).
- Typically an
<address>element can be placed inside the
<footer>element of the current section, if any.
<address> You can contact author at <a href="http://www.somedomain.com/contact">www.somedomain.com</a>.<br> If you see any bugs, please <a href="mailto:email@example.com">contact webmaster</a>.<br> You may also want to visit us:<br> Mozilla Foundation<br> 1981 Landings Drive<br> Building K<br> Mountain View, CA 94043-0801<br> USA </address>
Cheers and happy coding
Don’t know why but my
<blockquote></blockquote> is not working now