Google Chrome to block JavaScript redirects on web page URL clicks Google Chrome
Google Chrome will soon be able to block JavaScript redirects when users click on a web page link that opens a URL in either a new window or new tab.
For those unfamiliar, when inserting a link into an HTML page, an author can include the target=“_blank” attribute to tell a web browser to open a link in a new tab. While useful for site owners, this attribute has a known security issue due to the fact that a newly opened page can utilize a JavaScript redirect to open a different URL than the one specified in a site’s HTML code.
This means that a threat actor could redirect users to phishing pages or sites hosting malicious files just by adding a JavaScript redirect to links on a webpage.
Thankfully though, a re:=“noopener” HTML link attribute was created to prevent new tabs from using JavaScript to redirect to another UR.
Preventing JavaScript redirects
Back in 2018 Apple changed the way in which Safari treats all HTML links that use the target=“_blank” attribute to make it so that they automatically imply the noopener attribute. Once enabled, this feature prevents embedded links from redirecting to a different URL.
Microsoft Edge developer Eric Lawrence recently added this exact same feature to Chromium which means that it will soon find its way to Google Chrome, Brave, Vivaldi, Microsoft Edge and all other Chromium-based browsers. Lawrence provided further details on how this feature will work in Chromium in his commit, saying:
“To mitigate “tab-napping” attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel=”noopener”| is set. A page wishing to opt out of this behavior may set |rel=”opener”|.”
Currently this feature is enabled in Chrome Canary but is expected to be included with the release of Chrome 88 in January of next year.
Via BleepingComputer
Google Chrome will soon be able to block JavaScript redirects when users click on a web page link that opens a URL in either a new window or new tab. For those unfamiliar, when inserting a link into an HTML page, an author can include the target=“_blank” attribute to tell…
Recent Posts
- TikTok and Universal Music Group end feud with new agreement
- Amazfit’s new low-cost wearable packs in a big display and 26 days of battery life
- As Questions Swirl Around Tesla’s Superchargers, the Race Is On to Fill the Power Gap
- Asus won’t say if the ROG Ally’s SD card reader will ever be truly fixed
- Quordle today – hints and answers for Thursday, May 2 (game #829)
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011