diff --git a/files/en-us/web/api/window/opener/index.html b/files/en-us/web/api/window/opener/index.html index f15ebfff2a1ecb5..9b2388af0461209 100644 --- a/files/en-us/web/api/window/opener/index.html +++ b/files/en-us/web/api/window/opener/index.html @@ -47,7 +47,7 @@

Value

{{htmlattrxref("rel", "a")}}=noopener on a link, or passing noopener in the {{domxref("Window.open", "windowFeatures")}} parameter. -
  • From Firefox 79, windows opened because of links with a {{htmlattrxref("target", +
  • Windows opened because of links with a {{htmlattrxref("target", "a")}} of _blank don't get an opener, unless explicitly requested with {{htmlattrxref("rel", "a")}}=opener.
  • Having a {{HTTPHeader("Cross-Origin-Opener-Policy")}} header with a value of diff --git a/files/en-us/web/html/element/a/index.html b/files/en-us/web/html/element/a/index.html index 6b297a62fb1616c..e408f96cc35e06c 100644 --- a/files/en-us/web/html/element/a/index.html +++ b/files/en-us/web/html/element/a/index.html @@ -94,7 +94,7 @@

    Attributes

    -

    Note: In newer browser versions (e.g. Firefox 79+) setting target="_blank" on <a> elements implicitly provides the same rel behavior as setting rel="noopener".

    +

    Note: Setting target="_blank" on <a> elements implicitly provides the same rel behavior as setting rel="noopener". See browser compatibility for support status.

    {{HTMLAttrDef("type")}}
    @@ -319,7 +319,7 @@

    Security and privacy

    <a> elements can have consequences for users’ security and privacy. See Referer header: privacy and security concerns for information.

    -

    Using target="_blank" without rel="noreferrer" and rel="noopener" makes the website vulnerable to {{domxref("window.opener")}} API exploitation attacks (vulnerability description), although note that, in newer browser versions (e.g. Firefox 79+) setting target="_blank" implicitly provides the same protection as setting rel="noopener".

    +

    Using target="_blank" without rel="noreferrer" and rel="noopener" makes the website vulnerable to {{domxref("window.opener")}} API exploitation attacks (vulnerability description), although note that, in newer browser versions setting target="_blank" implicitly provides the same protection as setting rel="noopener". See browser compatibility for details.

    Accessibility