Home > Enterprise >  Checkmarx : How to solve Unsafe_Use_Of_Target_blank issue?
Checkmarx : How to solve Unsafe_Use_Of_Target_blank issue?

Time:05-10

I have 3 occurances of "Unsafe_Use_Of_Target_blank" vulnerability from Checkmarx, in the following lines of my code (UI5 project):

window.open(new URL(sCustomUrl).origin   "/"   sParam);

window.open(sCustomUrl   this.getView().getModel().getProperty("/ID"));

window.open(this.urlToID);

How can I eliminate the issue in these lines?

CodePudding user response:

When not specifying the target (no second parameter for window.open, or it an empty string or "_blank"), the opened window gains some access to the page that executed the window.open() method (Reverse Tabnabbing).

Setting the opener property to null, or specifically setting the target when calling window.open, fixes this vulnerability.

You can get more info about "unsafe use of target _blank" here.

  • Related