Did you know that using `target=_blank` for user-supplied links is a security risk? `rel=noopener` is here to help. https://mathiasbynens.github.io/rel-noopener/
Replying to @abozhilov
@abozhilov It does! Access to `window` is enough to overwrite `window.location` and redirect. You can’t access `window.document` though.
2:52 AM - 15 Mar 2016
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.