If you are using links with
target="blank" you might expose a vulnerability. The page you are linking to gains partial access to your tab via
window.opener. However, there is a pretty simple workaround. You can prevent this by specifying
rel="noopener noreferrer on your links. Even Create React App emits a warning, if you forget to specify the
1 Using target="_blank" without rel="noopener noreferrer" is a security risk: see https://mathiasbynens.github.io/rel-noopener react/jsx-no-target-blank
There are actually a lot of blog posts going into great lengths explaining the details of this security vulnerability. So be sure to check them out. As a starting point, check out the hacker news article from yesterday.
Read up on this topic: