The first link above is vulnerable to reverse tabnabbing since it uses target="_blank". Try clicking the link normally, or with a modifier key (shift, meta, etc), but without using a right click context menu. You'll be taken to a new tab, and this page will redirect to a fake attacker's "phishing page". The new tab is able to redirect this page using window.opener.location. The second link, however, is protected by using blankshield(), the function provided by this library.
Why is this harmful? Because neither the linked-to page nor the phishing page lies on the same domain or origin as this GitHub page. The site doesn't need to be compromised. It just needs to allow user-submitted anchors with target="_blank".
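A server-side complement to the click-time protection described above, as an added example that is not part of the original page or of the blankshield library: it rewrites user-submitted HTML so that every target="_blank" anchor carries rel="noopener noreferrer", which leaves window.opener null in the new tab. The function names are hypothetical, and it assumes browsers that honour rel="noopener", which the page does not discuss.

```javascript
// Added example (hypothetical names): add rel="noopener noreferrer" to every
// target="_blank" anchor in user-submitted HTML before it is stored or rendered.
// Regex tokenizing keeps it short; a production sanitizer would use an HTML parser.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;

function parseAttrs(src) {
  const attrs = [];
  ATTR_RE.lastIndex = 0;
  let m;
  while ((m = ATTR_RE.exec(src)) !== null) {
    // value is null for bare attributes such as "download"
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? null });
  }
  return attrs;
}

function hardenAnchor(tag, attrSrc) {
  const attrs = parseAttrs(attrSrc);
  const target = attrs.find((a) => a.name === 'target');
  // Only anchors that open a new tab expose window.opener to the linked page.
  if (!target || (target.value || '').trim().toLowerCase() !== '_blank') return tag;

  // Merge with any rel tokens the author already supplied (e.g. nofollow).
  const rel = attrs.find((a) => a.name === 'rel');
  const tokens = new Set(((rel && rel.value) || '').toLowerCase().split(/\s+/).filter(Boolean));
  tokens.add('noopener');
  tokens.add('noreferrer');

  const out = attrs.filter((a) => a.name !== 'rel');
  out.push({ name: 'rel', value: [...tokens].join(' ') });
  const text = out.map((a) =>
    a.value === null ? a.name : `${a.name}="${a.value.replace(/"/g, '&quot;')}"`);
  return `<a ${text.join(' ')}>`;
}

function hardenBlankTargets(html) {
  // Match opening <a ...> tags only; quoted values may contain '>'.
  return html.replace(/<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)>/gi, hardenAnchor);
}

// Constructed sample input, not taken from the page.
const sample = '<p><a href="https://example.test/x" target="_blank">docs</a> ' +
  "<a TARGET=_blank rel='nofollow' href='/a'>a</a> <a href=\"/same\">b</a></p>";
console.log(hardenBlankTargets(sample));
```

Anchors without target="_blank" pass through unchanged, and running the function twice gives the same output as running it once.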
The following table outlines the scope of affected browsers:
| Browser | Click | Shift + click | Meta/Ctrl + click |
| --- | --- | --- | --- |
| Safari 7, 8 | x | | |
This is not a real issue tracker. But in this scenario, a user is requesting that you visit some page in hopes of acquiring your credentials. Unlike other phishing attacks, the opened link is not the final destination. To see how, click this link without using a modifier key or context menu. After being opened in a new tab due to its use of target="_blank", it will redirect this page. But using blankshield, clicking here will not cause this tab to redirect.