Why is "Links to cross-origin destinations are unsafe" an issue?
When you open another page using target="_blank", the other page may run in the same process as your page, unless "Site Isolation" is enabled. If the other page is running a lot of JavaScript, your page's performance may also suffer.
Aside from that, the other page can access your window object through the window.opener property. This exposes an attack surface because the other page can redirect your page to a malicious URL.
So, if you have links to another origin and you use target="_blank", always add rel="noopener" or rel="noreferrer".
rel="noopener" - This indicates that any newly created browsing context which results from following the hyperlink will be disowned, which means that its window.opener attribute will be null.
i.e.
<a href="..." target="_blank" rel="noopener">...</a>
rel="noreferrer" - This indicates that no referrer information is to be leaked when following the link.
The noreferrer keyword implies the behavior associated with the noopener keyword when present on a hyperlink that creates a new browsing context.
Therefore,
<a href="..." rel="noreferrer" target="_blank">...</a>
has the same behavior as
<a href="..." rel="noreferrer noopener" target="_blank">...</a>
Solution:
Add rel="noopener" or rel="noreferrer" to each of the external links identified in the Audits report of Google Chrome's Inspect Element tool. This improves performance and prevents security vulnerabilities on your website.
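As an added example (not from the original page), the following Node.js script audits an HTML snippet for target="_blank" links to other origins that lack rel="noopener" or rel="noreferrer", applying the same rule described above (either keyword is enough), and produces a fixed copy with rel="noopener" appended. The sample HTML and the page origin https://example.com are constructed for the demo.

```javascript
// Audit <a target="_blank"> links for missing rel="noopener"/"noreferrer".
// Constructed sample: the page lives on https://example.com (assumption).
const PAGE_ORIGIN = 'https://example.com';
const SAMPLE_HTML = [
  '<a href="https://example.org/docs" target="_blank">docs</a>',                     // unsafe
  '<a href="https://example.org/blog" target="_blank" rel="noopener">blog</a>',      // protected
  '<a href="https://partner.example/x" target="_blank" rel="nofollow">partner</a>',  // unsafe, keeps nofollow
  '<a href="/about" target="_blank">about</a>',                                      // same origin
  '<a href="https://example.org/" rel="noreferrer" target="_blank">ref</a>',         // noreferrer implies noopener
].join('\n');

const ANCHOR_RE = /<a\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attribute text of one <a ...> tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  return attrs;
}

// True when href resolves to an http(s) origin different from the page's origin.
function isCrossOrigin(href, pageOrigin) {
  try {
    const u = new URL(href, pageOrigin);
    return /^https?:$/.test(u.protocol) && u.origin !== new URL(pageOrigin).origin;
  } catch { return false; }
}

// Either keyword disowns the new browsing context (noreferrer implies noopener).
function hasOpenerProtection(rel) {
  const tokens = (rel || '').toLowerCase().split(/\s+/);
  return tokens.includes('noopener') || tokens.includes('noreferrer');
}

function isUnsafe(a, pageOrigin) {
  return (a.target || '').toLowerCase() === '_blank' && !!a.href &&
    isCrossOrigin(a.href, pageOrigin) && !hasOpenerProtection(a.rel);
}

// Returns the hrefs of cross-origin _blank links that lack protection.
function findUnsafeLinks(html, pageOrigin) {
  return [...html.matchAll(ANCHOR_RE)].map(m => parseAttrs(m[1]))
    .filter(a => isUnsafe(a, pageOrigin)).map(a => a.href);
}

// Returns a copy of html with "noopener" appended to the rel of each unsafe anchor.
function fixUnsafeLinks(html, pageOrigin) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const a = parseAttrs(attrText);
    if (!isUnsafe(a, pageOrigin)) return tag;
    const stripped = attrText.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, '');
    return `<a${stripped} rel="${a.rel ? a.rel + ' noopener' : 'noopener'}">`;
  });
}
```

Running findUnsafeLinks on the fixed output returns an empty list, which is the check a CI step would assert on.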