Read on Twitter
QUICK TIP:If you're using `target="_blank"` to open a link in a new tab, it is recommended to include `rel="noopener"` or `rel="noreferrer"` or both.
Why?
Because of a security concern called "tabnabbing".
So what's this?
(Thread)
#DEVCommunity
#CodeNewbie
As you may know, if you need to add a link to your website, and you need the link to open in a new tab, you need to add `target="_blank"`.
For example, for Page1 to open Page 2 in a new tab:
For example, for Page1 to open Page 2 in a new tab:
The result is the link (Page 2) opening in a new tab.
What you may not realise however, is that Page 2 has full access to Page 1!
How?
Because of a Javascript object called an "opener" which is readily available for use by Page 2.
How?
Because of a Javascript object called an "opener" which is readily available for use by Page 2.
This means that you can do things like get the URL of Page 1 from Page 2, which can be really useful in some conditions.
Using the "opener" however, Page 2 can also change the page on the first tab! 
You can see how this can go wrong...
See how Page 2 can change the page on the first tab from Page 1 to Malicious page!
You can see how this can go wrong...
See how Page 2 can change the page on the first tab from Page 1 to Malicious page!
This can be a serious security concern.
How can we fix this? By simply adding `rel="noopener"` on your <a> tag. That's it!
When you do this "opener" becomes unavailable to the new tab!
How can we fix this? By simply adding `rel="noopener"` on your <a> tag. That's it!
When you do this "opener" becomes unavailable to the new tab!
To learn more about Tabnabbing, Krebs on Security has a great article on this: https://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
