Exploit using target="_blank"
concretable last edited by
There is a target="_blank" exploit demonstrated at this page: https://mathiasbynens.github.io/rel-noopener/
Does the same exploit work with target="_new"? Is there anything fundamentally different about how that code works, compared to target="_blank"?
I found a script for GreaseMonkey/ViolentMonkey/TamperMonkey which turns target="_blank" into target="_self" which defeats the exploit. I was wondering if there was any point in extending it to include target="_new".