javascript security code-analysis checkmarx

Checkmarx : How to solve Unsafe_Use_Of_Target_blank issue?

I have 3 occurances of "Unsafe_Use_Of_Target_blank" vulnerability from Checkmarx, in the following lines of my code (UI5 project):

window.open(new URL(sCustomUrl).origin + "/" + sParam);

window.open(sCustomUrl + this.getView().getModel().getProperty("/ID"));

window.open(this.urlToID);

How can I eliminate the issue in these lines?

Solution

When not specifying the target (no second parameter for window.open, or it an empty string or "_blank"), the opened window gains some access to the page that executed the window.open() method (Reverse Tabnabbing).

Setting the opener property to null, or specifically setting the target when calling window.open, fixes this vulnerability.

You can get more info about "unsafe use of target _blank" here.

Failed to resolve: lib
TypeError: Cannot destructure property 'company' of 'jobs[value]' as it is undefined
React hooks: call component as function vs render as element
View a Javascript method's contents in Chrome console
Can the Monaco Editor use different line numbering based on the model?
Creating Internal Loops Dynamically
Time difference function giving negative value
Get interaction's reponse message object discord.js
How to specify browser language in Puppeteer
JS array is adding the first selected items value plus the new one with it
how to rate limit next.js server actions?
Override functions of the page in a Firefox extension content script
how to replace `bind(this)` in es6
Change border colors of TinyMCE on focus and blur
How do I get Tailwind's active breakpoint in JavaScript?
How to implement click event or data point selection on apexCharts?
How to send proactive message in a cron with botframework using javascript?
why was `ResizeObserver` introduced to listen to resize changes and not a simpler Element.prototype.addEventListener('resize', callback)
Js remove all classes from element
localhost:300/api is not working : "This page isn’t working"
Show a default image if src image is not found
Sorting a HTML table
Where are anonymous callback functions to setTimeout stored?
Add numbers in a object within a JavasScript array from an index below a value and return value
Axios CDN link refused to load
Encode HTML entities in JavaScript
How can I remove a specific item from an array in JavaScript?
Fluid dynamic simulation, with obstacles
Comparing two similar objects (holding same keys) and returning key value pairs that are different
Defer execution for ES6 Template Literals