Closed DanielRuf closed 2 years ago
What is the preferred solution? Remove the target
attribute or set the rel
attribute to mitigate tab nabbing attacks?
I have no idea to be honest. Most of my work is backend/devops and I rarely touch HTML besides some basics. Feel free to implement whatever you consider better.
target="_blank"
is bad for the accessibility and for the security, you also forgot to addnoreferrer
to therel
attribute.See also https://blog.daniel-ruf.de/target-blank-considered-harmful/.