Details: https://mathiasbynens.github.io/rel-noopener/ https://twitter.com/iammerrick/status/914988292637990912 …
-
-
Replying to @rauschma
Requesting this action from developers seems like deferring a security issue
1 reply 0 retweets 1 like -
Replying to @leobalter @rauschma
Why not setting this behavior by default and requiring attrs for the opposite?
5 replies 0 retweets 2 likes -
Replying to @leobalter @rauschma
Because the Web depends on the current behavior, sadly.
1 reply 0 retweets 0 likes -
What would break if window.opener is not true by default?
2 replies 0 retweets 0 likes -
Replying to @leobalter @rauschma
Some Web content relies on it.
@bz_moz has some horror stories to tell.2 replies 0 retweets 0 likes -
Oh, I would love to know more from Boris!
1 reply 0 retweets 0 likes
I don't have links to testcases offhand; I just recall bug reports that involved sites using window.opener with target=_blank
9:06 AM - 3 Oct 2017
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
Always use rel="noreferrer noopener" linking to another site with target="_blank". Or else that site can silently redirect your users!