char0n
commented
1 year ago Also as part of this issue, strategy how to approach external URLs should be created and implemented.
Open char0n opened 2 years ago
char0n
commented
1 year ago Also as part of this issue, strategy how to approach external URLs should be created and implemented.
The simplest solution is to avoid using target=... in HTML, and always set target=”_self” when calling JavaScript window.open()... especially for links to user-generated content and external domains. If you decide to use HTML target=, also use rel="noopener noreferrer". The "noopener" tells the web browser to not allow the JavaScript to gain control over the referring window (so window.opener won’t give access to it). The "noreferrer" prevents passing on the referrer information to the new tab/window