window.opener
Fri, 02 Sep 2016 14:13:13 +0200
#^The target="_blank" vulnerability by example
#^About rel=noopener
If you use the target="_blank" attribute on a link, and do not accompany it with a rel="noopener" attribute, you are leaving your users open to a very simple phishing attack.
#^About rel=noopener
Imagine the following is user-generated content on your website: Clicking the above link opens malicious.html in a new tab (using target=_blank). By itself, that’s not very exciting.
However, the malicious.html document in this new tab has a window.opener which points to the window of the HTML document you’re viewing right now, i.e. index.html. This means that once the user clicks the link, malicious.html has full control over this document’s window object!
Note that this also works when index.html and malicious.html are on different origins — window.opener.location is accessible across origins!
Tue, 13 Jun 2017 14:41:38 +0200
Don't know what you clicked, but my server had problems yesterday. A php process went amok because of a sql server has gone away, but not exiting itself and just retried and created 15G log files in much shorter time than my log rotation, which caused other problems like IO wait, swap storm, high load average, etc.
This website is tracked using the Piwik analytics tool. If you do not want that your visits are logged this way you can set a cookie to prevent Piwik from tracking further visits of the site (opt-out).