DEV Community 👩‍💻👨‍💻

Cover image for Safeguarding target=_blank links

Posted on • Updated on • Originally published at

Safeguarding target=_blank links

This article was originally posted at Check it out for more content Javascipt and Web development

I'm sure you have added <a href="..." target="_blank"> to your website before or at least know about it. Well, do you know that it has a potential of crashing your site and even have your user robbed?

Just kidding. I exaggerated a bit there. But seriously, this is a security issue that can be exploited. And it really affects performance, too.

When you click a link with target="_blank", the link opens up in new tab. As usual, nothing much happens. But under the hood, some of the most important properties of your page's window object get passed to the page that is going to open in the window.opener property.

One of these properties is the location prop.

With the window.opener property, the new page can redirect the page from which it was opened to some other page. An e-banking site can be redirected to, and the user will almost always miss this transition. Watch this video I have here to get a feel.

A bit scary, huh?

And there is also the issue of performance. The page that opens up runs on the same process as your page, meaning that both pages can become slow and laggy, just because of the other page. Don't link Youtube like this.


Just add this little attribute to your link:

Enter fullscreen mode Exit fullscreen mode

Yup, this little attribute solves all of the above problems. An example of this would be:

<a href="" target="_blank" rel="noopener"></a>
Enter fullscreen mode Exit fullscreen mode

This is a small measure, but it can pay off really well. Every external link on this blog, for example, has this attribute to it. Check it out if you want to.

Read more about it here

That's it for today. Hope you liked the article. Ping me on Twitter if you have any problems or simply leave a review. Link is in the footer.

Top comments (0)

🤔 Did you know?

✍️ Writing your own article is easy (we even support markdown)