Links to cross-origin destinations are unsafe

Description

Rule ID: missing-rel-noopener

Determine if following HTML elements a, area, and form that navigate to an external resource have defined an attribute rel="noopener".

Purpose

The noopener keyword for the rel attribute of the a, area, and form HTML elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it – by not setting the window.opener property on the opened window (it returns null).

How to fix it

  • For following HTML elements: a, area, and form when they navigates to the external resource, add the attribute rel="noopener".

Standard

Best Practice, SiteLint