PHPKonf, Insanbul, Turkey

Will speak at PHPKonf this year. Topic is "Security: from basic principles to PHP specifics".

Slides from the talk:

good presentation. I do not know how target="_blank" is unsafe. I am using it in my pages. Any clue?

Thank you.

I was using target="_blank" for the unsafe user submitted external links. These were used because the external links were used in a results page loaded by ajax and I thought of keeping the results page undisturbed.

In the browsers in my PC, the following code works ok, but do you think if this is a solution for all browsers?

	public function actionRedir($url) {

		return "<!DOCTYPE html>

			<html><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">



				if (window.opener) {opener=null;}





Thanks for your time.

Yes. It should be OK for all browsers that execute JavaScript.

thanks again…

Thanks :)