One of the guys at work forwarded this link to me today. This vulnerability involves a new form of code injection. Basically, if I were to open up a window to an external site from my site, it’s possible for me to hijack one (or more) of the links on that site and make it go wherever I want. Try out the test for yourself, it’s really creepy.

Disclaimer: Any viewpoints and opinions expressed in this article are those of Nicholas C. Zakas and do not, in any way, reflect those of my employer, my colleagues, Wrox Publishing, O'Reilly Publishing, or anyone else. I speak only for myself, not for them.