Secure target="blank" with rel="noopener noreferrer"

If you are using links with target="blank" you might expose a vulnerability. The page you are linking to gains partial access to your tab via window.opener. However, there is a pretty simple workaround. You can prevent this by specifying rel="noopener noreferrer on your links. Even Create React App emits a warning, if you forget to specify the rel attribute:

Using target="_blank" without rel="noopener noreferrer" is a security risk: see https://mathiasbynens.github.io/rel-noopener  react/jsx-no-target-blank

There are actually a lot of blog posts going into great lengths explaining the details of this security vulnerability. So be sure to check them out. As a starting point, check out the hacker news article from yesterday.

Read up on this topic: