XSS in Open Redirect which uses the attributes rel="noopener follow" target="_blank" in Modern Browsers
Hi everyone
This time I will write up a small XSS case in an Open Redirect whose link uses the attributes rel="noopener follow" target="_blank".
Here’s the code snippet:
<a class="test" title="test" href="javascript:alert()" rel="noopener follow" target="_blank">CLICK</a>
From the code snippet above, I tried to open it through several Modern Browsers:
1. Google Chrome
In Chrome, when you open a JavaScript protocol link that has the attributes rel="noopener follow" target="_blank", it doesn't work: you are taken to the page about:blank#blocked, and the pop-up doesn't appear.
2. Microsoft Edge
It's the same on Edge. When you open the JavaScript protocol link with the attributes rel="noopener follow" target="_blank", it doesn't work, and you are taken to the page about:blank#blocked. Again the pop-up doesn't appear.
3. Opera
I get the same result in Opera: when the JavaScript protocol link carries the attributes rel="noopener follow" target="_blank", it doesn't work, and you are taken to the page about:blank#blocked. The pop-up doesn't appear.
So how can this be made to trigger in modern browsers?
This time I’m using Firefox version ( 103.0 ).
4. Firefox
Surprisingly, the JavaScript protocol link with the attributes rel="noopener follow" target="_blank" was not blocked in Firefox version 103.0, and a pop-up appeared.
I thought this only worked in the IE and Safari browsers, and when I reported a similar case I used IE; the severity then dropped to LOW, which was very sad. Now I can use this in new versions of Firefox and modern browsers.
I am writing this only for future reference regarding the findings of the same case.
Keep hunting & Hopefully useful.