Blog of Daniel Ruf

Written by Daniel Ruf.

target="_blank" considered harmful

Links can often be abused to take control of the opening page. This problem has been known for a very long time, but it seems many developers are not aware of it or have forgotten about it.

don't blindly trust FILTER_VALIDATE_URL

Valid URLs can use a wide range of different protocols. This requires strict validation of user-supplied URLs combined with correct checks; checks that are too lax or wrong can quickly lead to vulnerabilities.