Links to cross-origin destinations are unsafe
Description
Rule ID: missing-rel-noopener
Determine if following HTML elements a
, area
, and form
that navigate to an external resource have defined an attribute rel="noopener"
.
Purpose
The noopener
keyword for the rel
attribute of the a
, area
, and form
HTML elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it – by not setting the window.opener
property on the opened window (it returns null
).
How to fix it
- For following HTML elements:
a
,area
, andform
when they navigates to the external resource, add the attributerel="noopener"
.
Standard
Best Practice, SiteLint