Chrome will soon prevent JavaScript redirect on web page URL clicks
Last Week, Microsoft Edge developer, Eric Lawrence made a change in the Edge browser to increase the security when users click on web page links that open URLs in a new Window or tab.
The feature will be supported in Google Chrome, Brave and other Chromium-based browsers, as well.
What actually happened is that when people include target=”_blank” attribute (attribute tells the authors the browser to open the link in a new tab when clicked) into an HTML page, this creates a major security issue – threat actors can open a new page to utilize javascript to redirect the original page to a different URL.
To mitigate this attack, as Lawrence stated, “the HTML standard changed to specify that anchors that target _blank should behave as if |rel=”noopener”| is set. A page wishing to opt out of this behavior may set |rel=”opener”|,”
In 2018, Apple made a change in their Safari browsers to treat all HTML links that utilizing the target=”_blank” to automatically imply the noopener attribute to secure their URLs.
At present, only Chrome Canary received this feature. It is expected that the feature is to be released with Chrome 88 in January 2021.