PHPKonf, Insanbul, Turkey

Will speak at PHPKonf this year. Topic is "Security: from basic principles to PHP specifics".

http://phpkonf.org/

Slides from the talk: http://slides.rmcreative.ru/2016/phpkonf-security/

good presentation. I do not know how target="_blank" is unsafe. I am using it in my pages. Any clue?

https://mathiasbynens.github.io/rel-noopener/

Thank you.

I was using target="_blank" for the unsafe user submitted external links. These were used because the external links were used in a results page loaded by ajax and I thought of keeping the results page undisturbed.

In the browsers in my PC, the following code works ok, but do you think if this is a solution for all browsers?




	public function actionRedir($url) {

		return "<!DOCTYPE html>

			<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">

			<p>redirecting..</p>

			<script>

				if (window.opener) {opener=null;}

				window.location='".urldecode($url)."';

			</script>

			</body></html>";

	}




Thanks for your time.

Yes. It should be OK for all browsers that execute JavaScript.

thanks again…

Thanks :)