We Were Vulnerable

Opening a link in a new tab can allow an attacker to take control of the previous tab?

Did you know: specifying target="_blank" in an anchor tag (<a></a>) creates a gnarly vulnerability? A recent code review found that we were susceptible to this issue. We've since remediated the vulnerability on our site, and would like to raise awareness of it for our customers.

This vulnerability, which affects all major browsers, allows the newly opened page full read/write access to the parent page's window.location object.

For example, if doppler.com contains the html <a target="_blank" href="https://example.com">Click me!</a>, then clicking the link will open example.com in a new tab. This is expected. What's unexpected is that any JavaScript running on example.com now has full access to modify the location of the still-open doppler.com tab. This would allow example.com to redirect the Doppler tab to evil.com, or the (theoretical) sophisticated phishing site d0ppler.com.

If this all sounds theoretical, check out this excellent demo of the vulnerability. Fortunately, the fix is as simple as adding rel="noopener" to the anchor tag.

Vulnerable link:

<a target="_blank" href="https://example.com">Click me!</a>

Non-vulnerable link:

<a target="_blank" rel="noopener" href="https://example.com">Click me!</a>

Security is a constant focus at Doppler, and we will continue to do everything we can to earn, and keep, your trust.

More Articles

Visual Studio Dev Containers For Node.js Apps on AWS
Learn how to build a remote container-based development environment for Node.js Applications on AWS using Visual Studio Code Dev Containers.
Visual Studio Code Remote Dev Containers on AWS Set Up Guide
Learn how to your configure your local and cloud based remote development environment for Visual Studio Code's Dev Containers.
Vercel Marketplace Integration
We're proud to be part of Vercel's new Marketplace launch featuring Doppler in the Dev Tools category.