I recently learned that using
target="_blank" is also a security vulnerability. Using
rel=noopener is recommended. This will prevent the newly opened page from accessing your window object via
<a href="http://mylink.com" target="_blank" rel="noopener">My Link</a>
Here is some more info on
Here are a few examples demonstrating the security vulnerability and how the page that is linked to can manipulate the original page.