`target="_blank"` links should now imply `rel="noopener"`
See original GitHub issueThis is about the external-anchors-use-rel-noopener.js
audit.
In a recent WHATWG spec change, all target="_blank"
links should now imply rel="noopener"
.
And the opener
link relation was added.
Perhaps once browsers have implemented these changes, the audit could warn about occurrences of rel="opener"
links instead?
The Cross-Origin-Opener-Policy
HTTP header is related.
Additionally, the rel
attribute is now supported on <form>
elements as well.
Changes to the audit would affect the documentation at https://web.dev/external-anchors-use-rel-noopener, should I open an issue in the web.dev repo too?
Issue Analytics
- State:
- Created 4 years ago
- Reactions:2
- Comments:6 (3 by maintainers)
Top Results From Across the Web
Link with target="_blank" and rel="noopener noreferrer" still ...
Setting target="_blank" on <a> elements now implies rel="noopener" behavior for many browsers; See browser compatibility for support status. – ...
Read more >Anchor target=_blank implies rel=noopener by default
To mitigate "tab-napping" attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard ...
Read more >About rel=noopener - GitHub Pages
2021 update: Browsers now implicitly set rel=noopener for any target=_blank link, following a spec change. If the demo on this page no longer...
Read more >Explained: noopener, noreferrer, and nofollow Values
This post explains what are the rel="noopener noreferrer nofollow" values, their usage and security and SEO implications.
Read more >Solved: How to apply << target="_blank" rel="noopener nore...
*Not only target="_blank" but also rel="noopener noreferrer" is needed. Anyone know how to do it using CSS, Scripts or other ways? I mean,...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Thanks @coliff! My guess is we’ll target this for Lighthouse 8 in the spring, to give ample time for most users to catch up, but we can discuss in the next meeting.
Action item here would be deleting this audit.