Did you know: specifying target="_blank" in an anchor tag (<a></a>) creates a gnarly vulnerability? A recent code review found that we were susceptible to this issue. We've since remediated the vulnerability on our site, and would like to raise awareness of it for our customers.
This vulnerability, which affects all major browsers, allows the newly opened page full read/write access to the parent page's window.location object.
If this all sounds theoretical, check out this excellent demo of the vulnerability. Fortunately, the fix is as simple as adding rel="noopener" to the anchor tag.
<a target="_blank" href="https://example.com">Click me!</a>
<a target="_blank" rel="noopener" href="https://example.com">Click me!</a>
Security is a constant focus at Doppler, and we will continue to do everything we can to earn, and keep, your trust.