Skip to content
Chrome extension that sets window.opener on every page to null to avoid phishing attacks based on target _blank vulnerability
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE
README.md
blank-protector.js
icon128.png
icon16.png
icon48.png
manifest.json

README.md

When we click on link with target="_blank", a new page in a new tab can change our previous page on the previous tab. To avoid this effect, we can use rel="noopener" but too many websites not using this ability yet. And we can't affect them. This is a very simple Google Chrome extension that does only one thing: sets window.opener on every page to null before page loading is started. Despite the fact that websites use rel="noopener" or not (by the way Google search doesn't use it) we can keep calm - without window.opener this attack can't affect us.

Intallation instructions

  • Clone this repository or download zip version and unpack it
  • Go to chrome://extensions/
  • Enable "Developer mode"
  • Click "Load unpacked extension" and load it from the directory where you clone this repository
You can’t perform that action at this time.