If you don't know already, `<a href target="_blank">` can be a security risk. But, the question I have in mind is, did I overprotect myself?
To get started, see these two links,
My understanding is,
- Without `target="_blank"`, navigating out will break SPAs (single page apps)
- `rel="noopener noreferrer"` is enough for blogging sites, but `noopener` is only there for backward compat security risk.
- I don't know enough about `nofollow`, or please follow...
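
Added example, not part of the original post: a Node.js sketch that finds `target="_blank"` links lacking the `rel="noopener noreferrer"` tokens discussed above and adds them while keeping existing tokens such as `nofollow`. The function names, the sample markup and the regex-based tag scan (adequate for simple markup, not a full HTML parser) are assumptions.

```javascript
// rel tokens the post pairs with target="_blank".
const REQUIRED_REL = ["noopener", "noreferrer"];

// Read one attribute value from an opening tag (double-, single- or unquoted).
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3] ?? "") : null;
}

// Replace an existing attribute, or append it before the closing ">".
function setAttr(tag, name, value) {
  const re = new RegExp(`(\\s)${name}\\s*=\\s*(?:"[^"]*"|'[^']*'|[^\\s>]+)`, "i");
  if (re.test(tag)) return tag.replace(re, (_, ws) => `${ws}${name}="${value}"`);
  return tag.replace(/\s*\/?>$/, () => ` ${name}="${value}">`);
}

// Rewrite every <a target="_blank"> whose rel lacks a required token.
// Returns the new markup plus a report of what was changed.
function hardenBlankLinks(html) {
  const fixed = [];
  const out = html.replace(/<a\s[^>]*>/gi, (tag) => {
    const target = getAttr(tag, "target");
    if (!target || target.toLowerCase() !== "_blank") return tag;
    const rel = (getAttr(tag, "rel") || "").toLowerCase().split(/\s+/).filter(Boolean);
    const missing = REQUIRED_REL.filter((t) => !rel.includes(t));
    if (missing.length === 0) return tag; // already carries both tokens
    fixed.push({ href: getAttr(tag, "href"), added: missing });
    return setAttr(tag, "rel", [...rel, ...missing].join(" "));
  });
  return { html: out, fixed };
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = [
  '<a href="https://social.example.com/me" target="_blank">Profile</a>',
  '<a href="https://example.org/a" target="_blank" rel="nofollow">A</a>',
  '<a href="https://example.org/b" target="_blank" rel="noopener noreferrer">B</a>',
  '<a href="/about">About</a>',
].join("\n");

console.log(hardenBlankLinks(SAMPLE).fixed);
```
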
Top comments (2)
That first resource is extremely useful. Thanks for this!

Currently, I use `target="_blank"` along with `rel="noopener noreferrer"` for links listed in my blog, which point to external social media sites like Twitter. The idea behind it was for users not to leave my site, but I will rethink this after reading these points from the first resource.

As I understand, `nofollow` may come in handy when linking to your internal and non-public sites, like an admin panel.

I disagree with some of the points in the first resource. This is especially noticeable when navigating on markdown content like here on dev.to or on GitHub. As a user, I have a certain expectation of when content opens in a new tab. While there might not always be a good reason for opening a new tab, it is what I expect when I open linked resources. Breaking that expectation is often worse as intuitive behavior - ultimately UX - is not fulfilled. How often have you thought "I should have pressed Ctrl before clicking that link"? Personally, it happened too often for me while navigating GitHub.