this post was submitted on 13 Jun 2026
25 points (96.3% liked)

Technology

85355 readers
3658 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
25
Please don't mess with links: (Maurycy's blog) (maurycyz.com)
submitted 12 hours ago by lemmydividebyzero@reddthat.com to c/technology@lemmy.world
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] MonkderVierte@lemmy.zip 5 points 10 hours ago* (last edited 10 hours ago) (1 children)

<a target="\_blank">

About that, you should add rel="noopener" (and maybe noreferer too) there, or the linked site could inject JS in yours, a security risk for your visitors.

I have a little usercss that adds a warning picture (::after { content: "pic"; }) on _target without noopener and especially Github is bad there.

[–] ChaosMonkey@lemmy.dbzer0.com 2 points 6 hours ago (1 children)

Can you share some reference? I don't understand how some linked site could affect the site containing it.

[–] MonkderVierte@lemmy.zip 3 points 5 hours ago* (last edited 1 hour ago) (1 children)

Stackoverflow, but here you go.

I've made a userscript that puts a rel="noopener" on target="_blank" links where missing, with no issues for about half a year usage. While noreferer breaks some payment processors and the like. Sadly, i lost it a few months ago, need to redo it sometime.

[–] ChaosMonkey@lemmy.dbzer0.com 2 points 1 hour ago

Thanks, really good to know.

For quick reference, here is the first section from the MSDN docs:

The noopener keyword for the rel attribute of the <a>, <area>, and <form> elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it — by not setting the Window.opener property on the opened window (it returns null).