Details: https://mathiasbynens.github.io/rel-noopener/ https://twitter.com/iammerrick/status/914988292637990912 …
Some Web content relies on it. @bz_moz has some horror stories to tell.
-
-
window.opener should be set only if using http://window.open or on explicit attr use with tgt blank. Can I advocate for this somewhere?
-
Maybe there is a way to ask for permission (similar to notifications), so that it doesn’t go unnoticed, but doesn’t break old apps?
End of conversation
New conversation -
-
-
Oh, I would love to know more from Boris!
-
I don't have links to testcases offhand; I just recall bug reports that involved sites using window.opener with target=_blank
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
JavaScript, HTML, CSS, HTTP, performance, security, Bash, Unicode, i18n, macOS.
Always use rel="noreferrer noopener" linking to another site with target="_blank". Or else that site can silently redirect your users!
