Would you use target="_blank"? And how many rels?

If you don't know already, <a href target="_blank"> can be a security risk. But, the question I have in mind is, did I overprotect myself?

To get started, see these two links,

• When to use target=”_blank”
• Explained: noopener, noreferrer, and nofollow Values

My understanding is,

• Without target="_blank", navigating out will break SPA's (single page apps)
• rel="noopener noreferrer" is enough for blogging sites, but noopener is only there for backward compat security risk.
• I don't know enough about nofollow, or please follow...

Comments

[Jakub Skoneczny]

That first resource is extremely useful. Thanks for this!

Currently, I use target="_blank" along with rel="noopener noreferrer" for links listed in my blog, which point to external social media sites like Twitter. The idea behind it was for users not to leave my site, but I will rethink this after reading these points from the first resource.

As I understand, nofollow may come in handy when linking to your internal and non-public sites, like admin panel.

[neoan]

I disagree with some of the points in the first resource. This is especially noticable when navigating on markdown content like here on dev.to or on GitHub. As a user, I have a certain expectation of when content opens in a new tab. While there might not always be a good reason for opening a new tab, it is what I expect when I open linked resources. Breaking that expectation is often worse as intuitive behavior - ultimately UX - is not fulfilled. How often have you thought "I should have pressed Ctrl before clicking that link"? Personally, it happened too often for me while navigating GitHub.