HFS user adding a "web link" in HFS is vulnerable to "target=_blank" exploit
When adding a "web link" to the HFS virtual filesystem, the frontend opens it with target="_blank" but without the rel="noopener noreferrer" attribute. This allows the opened page to use the window.opener property to change the location of the original HFS tab.