Open mr-c opened 2 years ago
I think the target=blank
in HTML links is what is needed here, if the links are in a web page.
Some time ago there were some attacks related to this HTML feature. I haven't followed what happened after that, I only remember a bunch of systems/sites started updating their target=blank
code.
There's a page on OWASP page about the attack, called "Reverse Tabnabbing", https://owasp.org/www-community/attacks/Reverse_Tabnabbing, and there should be a few blogs/tweet-threads from the time it surged too.
Bruno
I think the
target=blank
in HTML links is what is needed here, if the links are in a web page.
Ah, that sounds right.
https://talk.jekyllrb.com/t/how-can-i-ensure-my-links-open-in-a-new-tab/4318 suggests [link text](the link){:target="_blank"}
; I'll try that out
Try adding the target="blank" rel="noopener noreferrer"
. If this pair works, I think it also prevents the reverse tabnabbing thingy.
https://stackoverflow.com/a/62076248 suggests the syntax for markdown/jekyll is [example](example.com){:target="_blank"}{:rel="noopener noreferrer"}
Maybe we'll add https://github.com/keithmifsud/jekyll-target-blank to do this automatically for all external links. I'll need to think on that first.
Oh, that was markdown? I'm surprised you can actually do that without mixing markdown and html :clap: :+1:
Maybe we'll add https://github.com/keithmifsud/jekyll-target-blank to do this automatically for all external links. I'll need to think on that first.
Today-I-Learned about that extension, thanks!
I witnessed someone getting lost because of this, but I don't know the trick to do this.