cross origin attack with js window.open target='_blank'
Scalix Webmail (SWA)
Updated by Alexey Bobyr about 4 years ago
send email with link pointed to https://mathiasbynens.github.io/rel-noopener/malicious.html to yourself
it must be working link (in webmail using ctrl+c/ctrl+v just insert it as text) ...
then open this email . and click . .....