rel="noopener noreferrer" should be added to links containing target="_blank" as a precaution against reverse tabnabbing
noopener
“Instructs the browser to open the link without granting the new browsing context access to the document that opened it — by not setting the Window.opener property on the opened window (it returns null).”
noreferrer
“Prevents the browser, when navigating to another page, to send this page address, or any other value, as referrer via the Referer: HTTP header.”
References:
1. Why am I seeing rel=”noopener noreferrer” in my WordPress links?
2. Add rel="noopener noreferrer" to target="_blank"
noopener
“Instructs the browser to open the link without granting the new browsing context access to the document that opened it — by not setting the Window.opener property on the opened window (it returns null).”
noreferrer
“Prevents the browser, when navigating to another page, to send this page address, or any other value, as referrer via the Referer: HTTP header.”
References:
1. Why am I seeing rel=”noopener noreferrer” in my WordPress links?
2. Add rel="noopener noreferrer" to target="_blank"
No comments:
Post a Comment