There's currently an unspoken rule that we use "_blank" in web applications, that should be updated to be included in the design manual at first and we should include additional guidance to address two security and accessibility issues.
We might want to look into adding rel="noopener" to "_blank" links as a way to counteract a common security issue with pages we don't control.
We should look into adding some screenreader-only text to warn users with visual impairments that this will open in a new tab to meet guideline 3.2 that webpages should work in a predictable way. A lot of users at the last accessibility conference I attended mentioned this as a common pain point when websites don't give any indication of new tab behavior.
There's currently an unspoken rule that we use "_blank" in web applications, that should be updated to be included in the design manual at first and we should include additional guidance to address two security and accessibility issues.
First brought up: https://github.com/cfpb/college-costs/pull/187#discussion_r67728602