A walkthrough of implementing external link interception in a ColdFusion (CFML) web app. When user-generated content contains links to external domains, those links are rewritten at render time to route through an interstitial warning page. The implementation uses JSoup to parse HTML, java.net.URI for URL parsing, and Base64url encoding to safely pass the original URL as a query parameter. The interstitial page warns users they are leaving the site and identifies the external domain. Security considerations like rel="noopener noreferrer" and OWASP's reverse tabnapping guidance are also discussed, including a note that modern browsers now apply noopener implicitly for target="_blank" links.
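A sketch of the render-time rewrite and the interstitial-side decode described above, as an added example written in plain Java rather than the article's own CFML. The site host, the interstitial route, the class and method names, and the re-validation of the decoded URL are all assumptions made for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;

public class ExternalLinkRewriter {
    // Assumed values for this example: the site's own host and the interstitial route.
    static final String SITE_HOST = "www.example.com";
    static final String INTERSTITIAL = "/go/external?u=";
    // Host of an http(s) or protocol-relative link to another host; null for everything else.
    static String externalHost(String href) {
        try {
            URI uri = new URI(href.trim());
            String scheme = uri.getScheme(), host = uri.getHost();
            if (host == null) return null;          // relative path, mailto:, javascript:, ...
            if (scheme != null && !scheme.equalsIgnoreCase("http")
                    && !scheme.equalsIgnoreCase("https")) return null;
            return host.equalsIgnoreCase(SITE_HOST) ? null : host;
        } catch (URISyntaxException e) {
            return null;                            // unparseable href: left unchanged here
        }
    }
    // Render time: route external anchors in user-generated HTML through the interstitial.
    static String rewrite(String userHtml) {
        Document doc = Jsoup.parseBodyFragment(userHtml);
        for (Element a : doc.select("a[href]")) {
            String href = a.attr("href");
            if (externalHost(href) == null) continue;
            String token = Base64.getUrlEncoder().withoutPadding()
                    .encodeToString(href.getBytes(StandardCharsets.UTF_8));
            a.attr("href", INTERSTITIAL + token).attr("rel", "noopener noreferrer");
        }
        return doc.body().html();
    }
    // Interstitial: domain to show in the warning, or null when the token is malformed
    // or does not decode to an external link (render an error instead of a link).
    static String warningDomain(String token) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(token);
            return externalHost(new String(raw, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            return null;
        }
    }
    public static void main(String[] args) {        // constructed sample input
        System.out.println(rewrite("<a href=\"/faq\">FAQ</a> <a href=\"https://other.example.org/a?b=1\">out</a>"));
    }
}
```

Running the interstitial's input through the same `externalHost` check used at render time means a hand-crafted token cannot make the warning page emit a `javascript:` or other non-http(s) link.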

13m read time. From bennadel.com