I've been given a task to deal with security vulnerabilities. I've run a test on all custom JavaScript files in our project using DefenseCode ThunderScan and found several high threat vulnerabilities, all of them associated with 'code injection'. Example of a piece of code where the vulnerability was found:
// After two seconds, navigate the current tab to the index-data URL
// built from the resident id in the view model.
setTimeout(function () {
    window.location.href = Urls.getHuhnScaleIndexDataUrl
        .replace('ResidentId', model.residentId())
        .replace('SessionVal', true);
}, 2000);

// Open the report URL in a new tab.
window.open(urlReport, '_blank');
What exactly poses a vulnerability in these code examples?
Using window.open is considered bad practice because the new window retains a reference to the parent one and can then try to inject code into it.

The new window has an opener field which points to the former window with unrestricted access, which means you can delete the body of the parent or steal tokens embedded in forms...
Reference: https://dev.to/ben/the-targetblank-vulnerability-by-example
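To make the opener problem concrete, here is an added example (not code from the question or the answer above) that puts the vulnerable `window.open(urlReport, '_blank')` beside a hardened replacement and simulates what the new tab can do with a live `window.opener`. Note the precise scope of the access: a cross-origin page in the new tab cannot read the parent's DOM, but it can assign `opener.location` and silently navigate the original tab to a phishing page (reverse tabnabbing); a same-origin page in the new tab gets the parent's full DOM, which is the scenario the answer describes. The browser is modelled by a small stub (`makeBrowser`) that reproduces only the relevant behaviour: `open` hands the child a reference to the parent unless `noopener` is in the features string, in which case it returns `null`, exactly as real browsers do. All function names and URLs below are assumptions made for the illustration, not part of the project in the question.

```javascript
// Added example: vulnerable vs. hardened window.open, plus a simulation of the
// reverse-tabnabbing attack a live window.opener enables. `makeBrowser`,
// `openReportVulnerable`, `openWithoutOpener`, `attackerPage`, `demo` and
// `hardenBlankLinks` are illustrative names, not APIs from the original project.

// Minimal stand-in for a browser window: `open` behaves like window.open with
// respect to the opener link and the 'noopener' feature, and records every
// child it creates so the simulation can hand one to the "attacker".
function makeBrowser(parentUrl) {
  const opened = [];
  const parent = {
    location: { href: parentUrl },
    opener: null,
    open(url, target = '_blank', features = '') {
      const child = { location: { href: url }, opener: null };
      const noopener = features.split(',').map((f) => f.trim()).includes('noopener');
      // Without 'noopener' the child gets a live reference back to this window;
      // with it the browser severs the link and window.open returns null.
      if (!noopener) child.opener = parent;
      opened.push(child);
      return noopener ? null : child;
    },
  };
  return { parent, opened };
}

// Vulnerable form, as in the question: the new tab gets window.opener.
function openReportVulnerable(win, urlReport) {
  return win.open(urlReport, '_blank');
}

// Hardened form: request a null opener via the features string and, for
// browsers that ignore the feature and still return a handle, null it ourselves.
function openWithoutOpener(win, url) {
  const child = win.open(url, '_blank', 'noopener,noreferrer');
  if (child) child.opener = null;
  return child;
}

// What a malicious or compromised page in the new tab can do with a live
// opener, even from a different origin: navigate the original tab to a
// look-alike login page. Returns true if the hijack succeeded.
function attackerPage(child, phishingUrl) {
  if (child && child.opener) {
    child.opener.location.href = phishingUrl;
    return true;
  }
  return false;
}

// Run the scenario once with the vulnerable call and once with the fix.
// URLs are constructed for the simulation.
function demo(useHardenedOpen) {
  const { parent, opened } = makeBrowser('https://app.example/residents');
  const urlReport = 'https://reports.third-party.example/report/42';
  if (useHardenedOpen) openWithoutOpener(parent, urlReport);
  else openReportVulnerable(parent, urlReport);
  const hijacked = attackerPage(opened[0], 'https://app-example.evil/login');
  return { hijacked, parentUrl: parent.location.href };
}

// The same fix for markup: every <a target="_blank"> needs rel="noopener"
// (plus noreferrer for browsers that predate noopener support). Takes any
// iterable of anchor-like objects, e.g. document.querySelectorAll('a[target="_blank"]').
function hardenBlankLinks(anchors) {
  for (const a of anchors) {
    const rel = new Set((a.rel || '').split(/\s+/).filter(Boolean));
    rel.add('noopener');
    rel.add('noreferrer');
    a.rel = [...rel].join(' ');
  }
  return anchors;
}

console.log('vulnerable:', demo(false)); // parent tab ends up on the phishing URL
console.log('hardened:  ', demo(true));  // parent tab is untouched
```

In a real page, `openWithoutOpener(window, urlReport)` replaces the original `window.open(urlReport, '_blank')`, and `hardenBlankLinks(document.querySelectorAll('a[target="_blank"]'))` covers links rendered in markup; a Content Security Policy does not help here, since the parent is navigated rather than scripted.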