Original source: http://stackoverflow.com/questions/50709625/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Link with target="_blank" and rel="noopener noreferrer" still vulnerable?
Asked by Miro J.
I see people recommending that whenever one uses target="blank" in a link to open it in a different window, they should put rel="noopener noreferrer". I wonder how does this prevent me from using Developer Tools in Chrome, for example, and removing the rel attribute. Then clicking the link...
Is that an easy way to still keep the vulnerability?
Answered by Jon Uleis
You may be misunderstanding the vulnerability. You can read more about it here: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
Essentially, adding rel="noopener noreferrer" to links protects your site's users against having the site you've linked to potentially hijacking the browser (via rogue JS).
You're asking about removing that attribute via Developer Tools - that would only potentially expose you (the person tampering with the attribute) to the vulnerability.
Answered by Obsidian Age
Links with target="_blank" on them are vulnerable to having the referrer page being swapped out in the background while the user's attention is diverted by the newly-opened tab. This is known as reverse tabnapping:
The referring page is stored in window.opener, and a malicious site could modify this through:
if (window.opener) {
    window.opener.location = "https://phish.example.com";
}
Adding rel="noopener noreferrer" fixes this vulnerability in all major browsers.
Note that you could theoretically remove the rel client-side through manipulation... but why would you want to? All you are doing is deliberately making yourself vulnerable to the attack.
Other users who visit the same website (and don't modify their own client-side code) would still be safe, as the server would still serve up the rel="noopener noreferrer". Your removal of it only applies to you.
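Since the protection only holds for what the server actually serves, a site owner can check served markup for target="_blank" links that lack the attribute. The following is an added example, not part of the original answers; the function names and the sample markup are hypothetical, and the regex-based tag handling assumes simple, well-formed HTML.

```javascript
// Added example: find target="_blank" links that lack rel="noopener" or
// rel="noreferrer" in an HTML string and add the attribute.
// Assumption: no ">" inside attribute values; use a real HTML parser otherwise.
const ANCHOR = /<a(?=[\s>])[^>]*>/gi;
const ATTR = /([^\s=<>]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
const REL = /\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i;

// Parse the attributes of one opening tag into a lower-cased name -> value map.
function attrsOf(tag) {
  const attrs = {};
  for (const m of tag.matchAll(ATTR)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// rel is a space-separated, case-insensitive token list.
function relTokens(attrs) {
  return (attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean);
}

// True when the link opens a new tab and the markup itself does not
// withhold window.opener from the opened page.
function exposesOpener(attrs) {
  const tokens = relTokens(attrs);
  return (attrs.target || "").toLowerCase() === "_blank" &&
    !tokens.includes("noopener") &&
    !tokens.includes("noreferrer"); // noreferrer implies noopener
}

// Returns the hardened HTML plus the href of every link that was changed.
function hardenLinks(html) {
  const findings = [];
  const fixed = html.replace(ANCHOR, (tag) => {
    const attrs = attrsOf(tag);
    if (!exposesOpener(attrs)) return tag;
    findings.push(attrs.href || "(no href)");
    const tokens = [...new Set([...relTokens(attrs), "noopener", "noreferrer"])];
    const rel = ` rel="${tokens.join(" ")}"`;
    // Extend an existing rel attribute, or append a new one before ">".
    return REL.test(tag) ? tag.replace(REL, () => rel)
                         : tag.replace(/\s*\/?>$/, () => `${rel}>`);
  });
  return { fixed, findings };
}

// Constructed sample markup.
const SAMPLE = [
  '<a href="https://a.example/" target="_blank">no rel</a>',
  '<a href="https://b.example/" target="_blank" rel="nofollow">rel without noopener</a>',
  '<a href="https://c.example/" target="_blank" rel="noopener noreferrer">ok</a>',
  '<a href="/local">same tab</a>',
].join("\n");
```

Existing rel tokens such as nofollow are preserved, and links already carrying noopener or noreferrer are left untouched.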
Answered by Kowsigan Atsayam
The anchor tag rel="noopener" or rel="noreferrer" attribute improves the website security, but some people want to ignore it because they think it will affect their website search engine optimization. It is just a myth. It protects the confidentiality of your website audience and prevents external websites from spreading malicious code.