
The target="_blank" vulnerability by example - Fizzadar
https://dev.to/ben/the-targetblank-vulnerability-by-example
======
jaytaylor
TFA's proposed solution seems illogical and inefficient.

TFA advocates for pushing the burden onto web programmers to use extra
attributes to disable the insecure browser default behavior.

It's preferable to advocate for the inverse, i.e. browsers must change their
behavior to be secure by default and force programmers to use extra HTML
attributes to proactively and intentionally disable the secure behavior.
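
[Added example, not part of the comment above or of the linked article.] Where the opt-in approach is in use, templates can be audited for links that omit it. This sketch assumes the "extra attributes" are `rel="noopener"` or `rel="noreferrer"`, which the thread does not name; the function names and the sample HTML are constructed for illustration.

```javascript
// Flags <a>/<area> tags with target="_blank" that carry neither
// rel="noopener" nor rel="noreferrer". Regex-based tag scan: adequate for
// auditing templates, not a full HTML parser.

// Parse the attribute portion of one tag into a name -> value map.
function parseAttributes(attrSource) {
  const attrs = Object.create(null); // no prototype keys to collide with
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let m;
  while ((m = attrRe.exec(attrSource)) !== null) {
    const name = m[1].toLowerCase();
    // The first occurrence of a duplicated attribute wins, as in HTML parsing.
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return [{ line, tag }] for every link that opens a new tab without the opt-out.
function findUnsafeBlankTargets(html) {
  // Quoted values may contain '>', so they are consumed as whole units.
  const tagRe = /<(a|area)(?=[\s\/>])((?:[^>"']|"[^"]*"|'[^']*')*)>/gi;
  const findings = [];
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[2]);
    if ((attrs.target || '').trim().toLowerCase() !== '_blank') continue;
    const rel = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
    if (rel.includes('noopener') || rel.includes('noreferrer')) continue;
    findings.push({ line: html.slice(0, m.index).split('\n').length, tag: m[0] });
  }
  return findings;
}

// Constructed sample input (one tag per line; lines 1, 3 and 6 lack the opt-out).
const SAMPLE_HTML = [
  '<a href="https://example.com/a" target="_blank">plain</a>',
  '<a href="https://example.com/b" target="_blank" rel="noopener">ok</a>',
  "<A HREF='https://example.com/c' TARGET=_BLANK REL='nofollow'>upper</A>",
  '<a href="https://example.com/d" rel="external noreferrer" target="_blank">ok</a>',
  '<a href="/local" title="target=_blank > here">no target attribute</a>',
  '<area href="https://example.com/e" target="_blank">',
].join('\n');

for (const f of findUnsafeBlankTargets(SAMPLE_HTML)) {
  console.log(`line ${f.line}: ${f.tag}`);
}
```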

