Share this page!

Oliver Jumpertz Profile picture
Twitter logo
16 Jul, 8 tweets, 3 min read
πŸ’› HTML tip πŸ’›

You can force a user's browser to open a new tab when clicking on a link by adding target="_blank" to it.

But you should always add rel="noreferrer" to it!

The reason and an explanation in a short thread. ↓ <a href="https://anydomain.com" target="_blan
When a new tab opens, the page loaded gets access to the window.opener attribute. If the site has malicious code in it, it can use the opener property to redirect your page to another malicious site that might harm the user.

1/7
Adding rel="noreferrer" prevents that the window.opener property is accessible for the site linked to and additionally skips sending a Referer HTTP header to that page with your website's URL.

2/7
-> Explanation of the actual hack

When your browser opens a new tab after a user clicks a link, the window.opener attribute is set.

This is not only a string with the url, it is actually the window object of the other tab!

3/7
Now imagine the following:

A popular blog popularblog.tech/ultra-viral-ar… links to other.page/additional-inf….

So far so good, nothing bad here.

other.page, however, contains malicious code.

4/7
This malicious code does the following:

window.opener.location = 'fake.site/popularblog.te…'

This redirects the original tab to a new page!

This fake site is a perfect copy of the original blog.

5/7
You'd probably not even realize that your other tab loads a fully different website.

It could contain malicious ads or popups that try to bring users to download malware, buy questionable products, or whatever else there is one could do online to cause harm.

6/7
When your links are protected with a rel of either noopener or noreferer, window.opener isn't set and can't be used for this type of hack.

You immediately protect all your users from falling into a nasty trap.

7/7

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Oliver Jumpertz

Oliver Jumpertz Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @oliverjumpertz

Oliver Jumpertz Profile picture
17 Jul
"Where do you see yourself in five years?"

This is still a common job interview question.

But do you hate it as much as I do and would love to stand up and simply leave immediately?

Don't.

Here is how you can turn this question into a huge win.

A thread. ↓
0. Foreword

I've interviewed countless times in the last years and had the honor to interview some amazing engineers myself.

I never used this question myself but had to witness HR ask exactly this one.

1/40
It took me a good amount of time to understand that, while being a question most interviewees hate, it's an HR trick to gather valuable information.

2/40
Read 41 tweets
Oliver Jumpertz Profile picture
17 Jul
Debugging 101

1. Start your debugger
2. Trigger an action
3. Skip the first 10 breakpoints you forgot to remove last time
4. Realize you forgot to set a new breakpoint
5. Abort
6. Set a new breakpoint
7. Retrigger the action

πŸ‘‡πŸ»
8. Sigh because you need to skip the 10 first breakpoints again
9. Realize you accidentally also skipped your new breakpoint
10. Retrigger the action
11. Skip and remove each of the first 10 breakpoints you forgot to remove once again
12. Stop at the right breakpoint

πŸ‘‡πŸ»
13. Stare at your screen and think
14. Realize you should have set the breakpoint earlier
15. Abort
16. Set a new breakpoint
17. Retrigger the action
18. Stare at your screen again
19. Think and cry a little
20. Take a break

πŸ‘‡πŸ»
Read 4 tweets
Oliver Jumpertz Profile picture
15 Jul
"Are there any questions left we can answer?"

"No, not right now, thank you."

Have you ever encountered this situation in an interview and responded like above?

I'm sorry, but you've given away an awesome opportunity to make a lasting impression.

A thread.
0. Foreword

I've been on both sides of the interview table for a few years now.

I've interviewed for positions, and I've interviewed quite a few awesome engineers.

I can only give you my perspective and opinion. It does not necessarily need to be fitting each situation.

1/32
1. Why this question is an opportunity

Although there is a shortage of software developers right and left, many companies still want to make sure they hire the right people.

Even the best engineers may not be the best fit for a company and its culture.

2/32
Read 34 tweets
Oliver Jumpertz Profile picture
15 Jul
Did you know that a unit test should have three basic blocks?

1. Arrange / Given
2. Act / When
3. Assert / Then

Let's quickly go over them so you get a better idea.

A thread.
1. Arrange / Given

This is where you set up everything you need to trigger the logic you want to test.

No matter whether you initialize input variables or specify the result you later expect. This is where this logic belongs.

1/10
'Given' is a term coming from behavior-driven design where human-readable "user stories" are used to describe your expectations.

You can read it as: "Given this input or setup...".

2/10
Read 11 tweets
Oliver Jumpertz Profile picture
14 Jul
Testing JavaScript can be difficult.

It sometimes can be hard to write excellent tests that assert that what you developed really works.

To support you, I compiled some beginner-friendly JavaScript testing resources for you.

A thread.
1. JavaScript testing for beginners

This is a course that delivers one lesson each day to your inbox.

You can do it at your own pace.

Perfect for beginners, with some great advice.

marclittlemore.com/javascript-tes…

1/9
2. Introduction To JavaScript Unit Testing

This article is a great guide for beginners.

It walks you from your code as it might be, over making it actually testable, to finally covering it with tests.

smashingmagazine.com/2012/06/introd…

2/9
Read 10 tweets
Oliver Jumpertz Profile picture
13 Jul
Let's be honest, CSS can be pretty difficult.

I had a hard time learning it, but there are a few resources that can definitely help you to understand the style language of the web.

Here is a collection of my favorite ones.

A thread.
1. codrops

An extensive CSS reference that will serve you even better than MDN.

Definitely, my go-to resource when I want to look something up.

tympanus.net/codrops/css_re…

1/11
2. The box model

Everything in HTML and CSS has something to do with a box. Some elements are block elements, others are inline elements.

This concept can actually be pretty difficult to understand.

This article on MDN makes it clear for you.

developer.mozilla.org/en-US/docs/Lea…

2/11
Read 15 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @oliverjumpertz has new unrolls!

Check out other threads from @oliverjumpertz!

Read all threads by @oliverjumpertz

:(