diff --git a/files/en-us/web/api/window/opener/index.html b/files/en-us/web/api/window/opener/index.html index f15ebfff2a1ecb5..9b2388af0461209 100644 --- a/files/en-us/web/api/window/opener/index.html +++ b/files/en-us/web/api/window/opener/index.html @@ -47,7 +47,7 @@
{{htmlattrxref("rel", "a")}}=noopener
on a link, or passing
noopener
in the {{domxref("Window.open", "windowFeatures")}} parameter.
- _blank
don't get an opener
, unless explicitly
requested with {{htmlattrxref("rel", "a")}}=opener
.Note: In newer browser versions (e.g. Firefox 79+) setting target="_blank"
on <a>
elements implicitly provides the same rel
behavior as setting rel="noopener"
.
Note: Setting target="_blank"
on <a>
elements implicitly provides the same rel
behavior as setting rel="noopener"
. See browser compatibility for support status.
<a>
elements can have consequences for users’ security and privacy. See Referer
header: privacy and security concerns for information.
Using target="_blank"
without rel="noreferrer"
and rel="noopener"
makes the website vulnerable to {{domxref("window.opener")}} API exploitation attacks (vulnerability description), although note that, in newer browser versions (e.g. Firefox 79+) setting target="_blank"
implicitly provides the same protection as setting rel="noopener"
.
Using target="_blank"
without rel="noreferrer"
and rel="noopener"
makes the website vulnerable to {{domxref("window.opener")}} API exploitation attacks (vulnerability description), although note that, in newer browser versions setting target="_blank"
implicitly provides the same protection as setting rel="noopener"
. See browser compatibility for details.