I read something somewhere with the HTML5 target="_blank" attribute security. What's going on there is that this attribute might not be too secure. You rel="noopener" was saying add this attribute as well. Is there anyone to explain what's going on?
I tried but I didn't understand much. I would be glad if you help.
Consider reading Google's web.dev article on this topic: Links to cross-origin destinations are unsafe. Here's an excerpt:
In general, when you use
target="_blank"
, always addrel="noopener"
orrel="noreferrer"
:<a href="https://examplepetstore.com" target="_blank" rel="noopener"> Example Pet Store </a>
rel="noopener"
prevents the new page from being able to access thewindow.opener
property and ensures it runs in a separate process.rel="noreferrer"
has the same effect but also prevents theReferer
header from being sent to the new page. See Link type "noreferrer".