Always use rel=noopener for links that open in a new window or tab
When creating HTML links, I try to minimise creating ones that open in a new browser window or tab (using target="_blank"). Because it’s considered bad practice to overwrite default browser behaviour – where links are normally opened in the same window. And I agree with that.
However, sometimes I do create those links. But I only fairly recently learned that this is a potential security risk:
The other page can access your
windowobject with thewindow.openerproperty. This exposes an attack surface because the other page can potentially redirect your page to a malicious URL. See About rel=noopener.
Adding the rel="noopener" attribute and value to the <a> tag fixes this problem. And so I’ve started adding those everywhere I create links with target="_blank".