Share this post
An evening up in #tildenpark at #lakeanza.
1 min read
A small web development thing I’d missed until yesterday:
When you want a link to open a page in a new tab, you’ve long been able to add the attribute target="_blank" to the tag. The problem was, that actually gave the opened pages rights to their referrer: it opened a security hole that could potentially have leaked user information or opened the door to phishing.
In response to that, the received wisdom was to also add rel="noopener" to the tag — or, more commonly, rel="noopener noreferrer", which strips referrer information from analytics. (Please don’t do this second part. For all kinds of reasons, it’s useful for a publisher to see who’s sending them traffic.) I’ve been adding noopener for years.
It turns out that browsers have been automatically setting this for links where target="_blank" since 2021: for three full years (and, actually, longer for Safari and Firefox). So there’s no need to add it anymore. There’s no harm in setting it, but there’s also no need.