target="_blank" can lead to phishing issue by changing the originating page, cf. this article: https://dev.to/ben/the-targetblank-vulnerability-by-example This should be checked in external HTML in libervia (or directly in backend, check that target is not an allowed attribute).