A tag jump referer vulnerability

Time:2020-10-25

A tag needs to be added when opening a new pagerel=”noopener noreferrer” 

Otherwise, in the newly opened page( http://www.baidu.com )Can be passed through window.opener Obtain partial control of the source page, even if the newly opened page is cross domain (for example, location does not have cross domain problem).

In chrome 49 +, opera 36 +, open the link with rel = noopener added, window.opener Will be null. In older browsers, you can use rel = norerror to disable the referer attribute of the HTTP header

As follows:

Baidu

 

 

In element UI, El link is equivalent to a tag

 

 

In addition, you can use the window.open Open the page and manually set opener to null.

var otherWindow = window.open('http://www.baidu.com');
otherWindow.opener = null;
otherWindow.location = url;

 

 

reference resources:

https://blog.csdn.net/huolang110/article/details/80905596

https://element.eleme.cn/#/zh-CN/component/link

 

Recommended Today

Blog based on beego, go blog

Go Blog A beego based development, can quickly create personal blog, CMS system Include functions see Official website of go bloggo-blog.cn Demo siteleechan.online Update log time function January 23, 2020 New top post function February 2, 2020 New custom navigation function February 4, 2020 New site announcement function February 6, 2020 New link module February […]