Unsafe third-party link (target="_blank")
varuns46785756

06-08-2019

Hi All,

I am scanning my application (I am using AEM 6.4) with the IBM AppScan tool and found an issue saying that target="_blank" is unsafe. I am using new tab (target="_blank") while authoring the URL in text content in the RTE. As per the tool's recommendation, the fix is: add the attribute rel="noopener noreferrer" to each link element with target="_blank".

My doubt is: do I need to add this fix to all of the target="_blank" links on my AEM pages, because I never used it? Please suggest.

Regards,

Accepted Solutions (1)
PriyankaBiswal

06-08-2019

Third-party links with the target="_blank" attribute and no rel="noopener noreferrer" attribute allow the linked page partial access to the linking page's window object via the window.opener object. This can be exploited for phishing attacks if the linked page is malicious.

So in your case, if this is coming from the RTE only, then you need to set this as an authoring guideline. However, if this is coming from a hyperlink or CTA component, then you should handle this programmatically: you can write a utility which identifies whether a link is external or not and, based on that, places rel="noopener noreferrer" on the anchor tag.
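A sketch of the kind of utility the accepted answer describes, added here as an example and not code from the post or from AEM. The class name `ExternalLinkRel`, the `INTERNAL_HOSTS` list and the sample links are assumptions; the code is plain Java 8 with no AEM dependencies, so a component or Sling model could call it when rendering the anchor.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper, not an AEM API: computes the rel value for an authored link.
public final class ExternalLinkRel {
    // Assumption: the site's own hosts; any other host counts as external.
    private static final Set<String> INTERNAL_HOSTS =
            new HashSet<>(Arrays.asList("www.example.com", "example.com"));

    static boolean isExternal(String href) {
        if (href == null || href.trim().isEmpty()) return false;
        try {
            URI uri = new URI(href.trim());
            String host = uri.getHost();
            // No host: relative paths and anchors are internal; an authority that
            // URI could not parse into a host is treated as external.
            if (host == null) return uri.getRawAuthority() != null;
            return !INTERNAL_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (URISyntaxException e) {
            return true; // fail closed: unparsable authored URLs get the protective rel
        }
    }

    // Keeps tokens the author already set (e.g. nofollow) and adds the two protective ones.
    static String relFor(String href, String target, String existingRel) {
        Set<String> tokens = new LinkedHashSet<>();
        if (existingRel != null) {
            for (String t : existingRel.trim().toLowerCase(Locale.ROOT).split("\\s+")) {
                if (!t.isEmpty()) tokens.add(t);
            }
        }
        if ("_blank".equalsIgnoreCase(target) && isExternal(href)) {
            tokens.addAll(Arrays.asList("noopener", "noreferrer"));
        }
        return String.join(" ", tokens);
    }

    public static void main(String[] args) {
        // Constructed sample links: href, target, rel already present
        String[][] links = {
            {"https://partner.example.org/offer", "_blank", "nofollow"},
            {"//cdn.example.net/doc.pdf", "_blank", null},
            {"/content/site/en/about.html", "_blank", null},
            {"https://www.example.com/help", "_blank", null},
        };
        for (String[] l : links) {
            System.out.println(l[0] + " -> rel=\"" + relFor(l[0], l[1], l[2]) + "\"");
        }
    }
}
```

Protocol-relative URLs (`//host/path`) are classified by their host, and a URL that cannot be parsed is treated as external so that it still receives the protective rel value.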

Answers (1)
varuns46785756

07-08-2019

Thanks, Priyanka