Tabnabbing is a type of phishing attack that targets the inactive tabs in your browser. While you're focused on your current tab, the link to the previous one can be hijacked, and you'll be redirected from the intended site to a malicious one resembling the real thing.
Since the malicious site looks very similar to the original, the user is typically unaware that the page they're on isn't legit once they return to that tab. Because of this, the user puts in their personal information, not knowing someone's on the other side waiting to steal it.
Using noopener prevents bad actors and links from accessing the previous tab or window that opened the current one. This is done by setting the window.opener property to null in the newly opened page.
Adding noreferrer prevents external sites from knowing that you've linked to them, which means your traffic data won't be sent their way.
The plugin enforces that developers add rel="noopener noreferrer", which prevents the tabnabbing attack.
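A sketch of how a rule of this kind can be written, added here as an example and not the plugin's own code. It assumes the rule inspects JSX `<a>` elements; the names `attrValue`, `missingRelTokens`, `jsxAnchor` and `lint` are hypothetical, and the sample AST nodes are constructed.

```javascript
// Added example, not the plugin's code. Assumes the rule checks JSX <a> elements.
const REQUIRED = ["noopener", "noreferrer"];

// String value of a JSX attribute; null if absent or not a plain literal.
function attrValue(node, name) {
  const attr = node.attributes.find((a) => a.type === "JSXAttribute" && a.name.name === name);
  if (!attr || !attr.value || attr.value.type !== "Literal") return null;
  return String(attr.value.value);
}

// Required rel tokens missing from an <a target="_blank">; [] when not applicable.
function missingRelTokens(node) {
  const target = attrValue(node, "target");
  if (node.name.name !== "a" || (target || "").toLowerCase() !== "_blank") return [];
  const rel = (attrValue(node, "rel") || "").toLowerCase().split(/\s+/);
  return REQUIRED.filter((token) => !rel.includes(token));
}

// Rule object in the shape ESLint expects; a plugin would export it.
const rule = {
  meta: { type: "problem", schema: [] },
  create(context) {
    return {
      JSXOpeningElement(node) {
        const missing = missingRelTokens(node);
        if (missing.length === 0) return;
        const message = `target="_blank" link is missing rel="${missing.join(" ")}"`;
        context.report({ node, message });
      },
    };
  },
};

// Constructed sample input: the AST node for an <a> with literal attribute values.
function jsxAnchor(attrs) {
  const attributes = Object.entries(attrs).map(([name, value]) => ({
    type: "JSXAttribute",
    name: { type: "JSXIdentifier", name },
    value: { type: "Literal", value },
  }));
  return { type: "JSXOpeningElement", name: { type: "JSXIdentifier", name: "a" }, attributes };
}

// Run the rule on one node with a stand-in context; returns the reported messages.
function lint(node) {
  const messages = [];
  rule.create({ report: (d) => messages.push(d.message) }).JSXOpeningElement(node);
  return messages;
}
console.log(lint(jsxAnchor({ href: "https://example.com", target: "_blank" })));
```

Attribute values written as expressions (for example `target={x}`) are not literals, so this sketch does not evaluate them.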
To install the plugin locally, first clone the project, then run the command below:
npm link
Next, install eslint-plugin-plugin in the project where you want to use the plugin.
Add plugin to the plugins section of your .eslintrc configuration file. You can omit the eslint-plugin- prefix:
{
    "plugins": [
        "plugin"
    ]
}
Then configure the rules you want to use under the rules section.
{
    "rules": {
        "plugin/tabnappingrule": 2
    }
}
TODO: Run eslint-doc-generator to generate the rules list.