Ask HN: If target=“_blank” without rel=“noopener” is unsafe Ask HN: If links with target="_blank" without rel="noopener" are unsafe, why is "noopener" not just the default? |
Ask HN: If target=“_blank” without rel=“noopener” is unsafe Ask HN: If links with target="_blank" without rel="noopener" are unsafe, why is "noopener" not just the default? |
Here is the rel attribute desc : https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes... where you will find an explanation :
"The rel attribute has no default value. If the attribute is omitted or if none of the values in the attribute are supported, then the document has no particular relationship with the destination resource other than there being a hyperlink between the two. In this case, on <link> and <form>, if the rel attribute is absent, has no keywords, or if not one or more of the space-separated keywords above, then the element does not create any links. <a> and <area> will still created links, but without a defined relationship."