idea Security Fix - Reverse Tabnabbing in ArcGIS Enterprise Ideas https://community.esri.com/t5/arcgis-enterprise-ideas/security-fix-reverse-tabnabbing/idi-p/1576896 <P>Security scans of externally hosted Portal instances raise red-flags about this around the urls and pages for the</P><P>portalhelp/en/portal/11.3/use/use-raster-functions-to-customize-raster-analysis.htm and all other documentation pages.</P><P>&nbsp;</P><TABLE width="1790"><TBODY><TR><TD width="1790">Reverse Tabnabbing is an attack where the target page is replaced by phishing site. This is possible when target="_blank" is in use with rel="noopener" or rel="noreferrer" attacker can use JavaScript window.opener and inject malicious domain in it. When user clicks on html link they will get redirected to phishing or unintentional website. WAS detects this vulnerability during crawling and evaluates HTML links embedded in anchor tags.</TD></TR></TBODY></TABLE> Fri, 17 Jan 2025 18:53:25 GMT DEWright_CA 2025-01-17T18:53:25Z Security Fix - Reverse Tabnabbing https://community.esri.com/t5/arcgis-enterprise-ideas/security-fix-reverse-tabnabbing/idi-p/1576896 <P>Security scans of externally hosted Portal instances raise red-flags about this around the urls and pages for the</P><P>portalhelp/en/portal/11.3/use/use-raster-functions-to-customize-raster-analysis.htm and all other documentation pages.</P><P>&nbsp;</P><TABLE width="1790"><TBODY><TR><TD width="1790">Reverse Tabnabbing is an attack where the target page is replaced by phishing site. This is possible when target="_blank" is in use with rel="noopener" or rel="noreferrer" attacker can use JavaScript window.opener and inject malicious domain in it. When user clicks on html link they will get redirected to phishing or unintentional website. WAS detects this vulnerability during crawling and evaluates HTML links embedded in anchor tags.</TD></TR></TBODY></TABLE> Fri, 17 Jan 2025 18:53:25 GMT https://community.esri.com/t5/arcgis-enterprise-ideas/security-fix-reverse-tabnabbing/idi-p/1576896 DEWright_CA 2025-01-17T18:53:25Z Re: Security Fix - Reverse Tabnabbing https://community.esri.com/t5/arcgis-enterprise-ideas/security-fix-reverse-tabnabbing/idc-p/1687948#M4493 <P>Related idea:&nbsp;<A href="https://community.esri.com/t5/arcgis-enterprise-ideas/disable-web-help/idi-p/1664225" target="_blank">Disable web help - Esri Community</A></P> Tue, 03 Mar 2026 11:14:57 GMT https://community.esri.com/t5/arcgis-enterprise-ideas/security-fix-reverse-tabnabbing/idc-p/1687948#M4493 SimonSchütte_ct 2026-03-03T11:14:57Z