Is this vulnerability only exploited on pages where users submit or upload information? The reason I'm asking, a site I'm assisting, uses target="_blank" on many pages but most of the pages are only displaying information and user's are not submitting or uploading content.
It's only really a thing if you can't fully trust the pages you're linking out to. And as described, there are ways to mitigate this to a good extent.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.