MSE FAULT - Links open in current tab instead of a new tab - action required
Options
Comments
-
Here's an explanation of a security risk, to do with opening a link in a new tab, which may be the cause of the current situation:
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/0 -
thanks matty does it interfere with other sites/settings
will give it a tryWhat goes around-comes around0 -
I still think it needs putting back to how it was. I'm sure the so called risk is minimal and as this (not opening a new tab/window) doesn't happen on other sites, I really can't see the need for such paranoia here.0
-
Ok, I've downloaded an "Add-on" for Firefox called "open link in new tab" and at the moment its working ok.
Thanks for that. Works well. Right PITA before.
As if target="_blank" is a security risk.
I've been using target="_blank" for the past 25 years to stop users deviating from my websites when they click on a link. No complaints of security breaches so far.0 -
If target="_blank" is such a security risk then:
1) Why do "Martin's Twitter" and "MSE's Twitter" and all the links therein on the RHS of the forum still use it a week after the change to the forum was implemented?
2) Why have MSE not trawled through the forum and changed the links in every post created before 11am 03/10 to remove it?
If you study the background on the theoretical vulnerability caused by target="_blank" then it is a massive overreaction to disable it. In security terms, if allowing members to post links on the forum is akin to walking down the middle of a motorway, then disabling target="_blank" is like only allowing you do it facing the oncoming traffic. It also appears to me that the theoretical vulnerability can be easily eliminated with a few lines of code so the usefulness of target="_blank" can be retained.0 -
robbies_gal wrote: »thanks matty does it interfere with other sites/settings
will give it a try
No it is working ok at the moment.
Ive only been using it on MSE so once i log out i just disable it;)Can't sleep, quit counting sheep and talk directly to the shepherd :cool:0 -
If you really must have links open in a new tab then for now you can use the old skool method of holding down CTRL while clicking the link.0
-
If you really must have links open in a new tab then for now you can use the old skool method of holding down CTRL while clicking the link.
There are various ways around it on a laptop or PC, but it's more dificult on a phone or tablet.
It would also have been nice for MSE to tell us about the change in advance or at least respond promptly when it was reported as a fault. If the website for a bank or rail company had handled a change like this, they would doubtless have been panned for poor customer service.0 -
Here's an explanation of a security risk, to do with opening a link in a new tab, which may be the cause of the current situation:
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
Riiiight... So a malicious site could cause the previously opened MSE tab to redirect to a fake/malware/phishing site...?
Have I understood that right...?
Surely that would be due to bad coding in the web browser...? Is that right? Does it affect all browsers?0 -
I've been using target="_blank" for the past 25 years to stop users deviating from my websites when they click on a link. No complaints of security breaches so far.
I'm no pro, I'd never heard of this issue before. Strange. It sounds like the kind of thing for which there would be a very quick/simple patch.0
This discussion has been closed.
Categories
- All Categories
- 343.3K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608.1K Mortgages, Homes & Bills
- 173.1K Life & Family
- 248K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards