[Owasp-leaders] Link target = _blank vulnerability

psiinon psiinon at gmail.com
Tue Feb 13 18:10:17 UTC 2018


Leaders,

We've just added a ZAP passive scan rule for detecting unsafe links which
use a target of '_blank' and don't use either 'noopener' or 'noreferrer' in
the 'rel' attribute.
I was somewhat disappointed not to find an OWASP wiki page that we could
refer to.
I think we should have something for it on the wiki, maybe a 'Link target
_blank' 'Attack <https://www.owasp.org/index.php/Category:Attack>' page?
I'm happy to write the first version (if no one else would rather do it)
but taxonomy has never been one of my strengths ;)
Thoughts?

Cheers,

Simon

-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
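
The check described in the message, written out as an added example (not ZAP's rule code and not part of the original post): it scans a response body for links with a target of `_blank` whose `rel` carries neither `noopener` nor `noreferrer`. The names `find_unsafe_blank_links` and `SAMPLE_HTML`, the choice of `a` and `area` elements, and the sample markup are assumptions made for illustration.

```python
from html.parser import HTMLParser

SAFE_REL_TOKENS = {"noopener", "noreferrer"}
LINK_TAGS = {"a", "area"}  # assumption: the elements this example inspects


class BlankTargetFinder(HTMLParser):
    """Collects links that open a new tab without a protective rel token."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (line number, href)

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        attr = {}
        for name, value in attrs:
            # Browsers keep the first occurrence of a duplicated attribute.
            attr.setdefault(name, value or "")
        # The _blank keyword is matched case-insensitively by browsers.
        if attr.get("target", "").strip().lower() != "_blank":
            return
        # rel is a whitespace-separated token list, compared case-insensitively;
        # whole tokens only, so "noopenerx" does not count.
        rel_tokens = set(attr.get("rel", "").lower().split())
        if rel_tokens & SAFE_REL_TOKENS:
            return
        self.findings.append((self.getpos()[0], attr.get("href", "")))


def find_unsafe_blank_links(html):
    """Return (line, href) for every flagged link in the given HTML text."""
    finder = BlankTargetFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page, not taken from any real site.
SAMPLE_HTML = """<html><body>
<a href="https://example.com/a" target="_blank">no rel</a>
<a href="https://example.com/b" target="_blank" rel="noopener">ok</a>
<a href="https://example.com/c" target="_BLANK" rel="nofollow">other token only</a>
<a href="https://example.com/d" target="_blank" rel="NoReferrer nofollow">ok</a>
<a href="https://example.com/e">same tab</a>
<a href="https://example.com/f" target="_blank" rel="noopenerx">lookalike</a>
</body></html>"""

if __name__ == "__main__":
    for line, href in find_unsafe_blank_links(SAMPLE_HTML):
        print(f"line {line}: target=_blank without noopener/noreferrer: {href}")
```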