
`rel='noopener'`

Open ArmorDarks opened this issue 6 years ago • 3 comments

As we know from articles like this one, as of right now anchors with `target='_blank'` are unsafe.

A potential fix would be adding `rel='noopener'` to every anchor with a target. But I'm not sure that relying on adding it manually is a wise idea — definitely somewhere someone will forget to add one.

What can we do about it?

  • Check links after build for the existence of `noopener`. I don't know of any tool for that, but it could potentially be made as an addition to broken-link-checker.
  • Write a Grunt plugin like gulp-noopener.
  • Use JS to add `noopener` to anchors after the document has loaded. This is trivial (a few lines of code) and works for most cases.
  • Use a more sophisticated JS library to fix the issue: blankshield.

Note that adding only `rel='noopener'` isn't that simple, since it is not supported in all affected browsers.

See this table: https://github.com/danielstjules/blankshield#vulnerable-browsers and caniuse

IE will remain affected (if the user changed default settings), as will Edge and a good portion of mobile Safari and Android Browsers (not all upgraded to the latest version yet).

blankshield seems to support all browsers, but its method is slightly more complex and who knows how error-prone...

ArmorDarks, Jul 26 '17 12:07
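The two approaches the issue lists, a post-build audit and a runtime fix-up, as an added example that is not code from the issue, the Kotsu project, gulp-noopener or blankshield. It goes slightly beyond the issue text in two ways: it treats any named target (not only `_blank`) as opening a new browsing context, and it adds `noreferrer` alongside `noopener` as the fallback for browsers that predate `noopener` support. The anchor list and `patchDocumentAnchors` are assumptions for illustration.

```javascript
// Targets that reuse the current browsing context and therefore do not
// expose window.opener to the opened page.
const SAME_CONTEXT_TARGETS = new Set(['_self', '_parent', '_top']);

function opensNewContext(target) {
  if (!target) return false;
  return !SAME_CONTEXT_TARGETS.has(target.trim().toLowerCase());
}

// Returns the rel value an anchor with this target should carry.
// Leaves rel untouched when the target stays in the same context.
function hardenedRel(target, rel) {
  if (!opensNewContext(target)) return rel || '';
  const tokens = new Set((rel || '').split(/\s+/).filter(Boolean));
  tokens.add('noopener');
  // noreferrer also severs window.opener in older browsers that lack
  // noopener support (at the cost of dropping the Referer header).
  tokens.add('noreferrer');
  return [...tokens].join(' ');
}

// Build-time audit: hrefs of anchors that open a new context without noopener.
// Input is a list of { href, target, rel } objects extracted from built HTML.
function auditAnchors(anchors) {
  return anchors
    .filter(a => opensNewContext(a.target))
    .filter(a => !/\bnoopener\b/i.test(a.rel || ''))
    .map(a => a.href);
}

// Constructed sample of extracted anchors (not from a real site).
const SAMPLE_ANCHORS = [
  { href: 'https://example.com/a', target: '_blank', rel: '' },
  { href: 'https://example.com/b', target: '_blank', rel: 'noopener' },
  { href: 'https://example.com/c', target: '_self', rel: 'nofollow' },
  { href: 'https://example.com/d', target: 'popup', rel: 'nofollow' },
];

// Runtime fix-up for the browser (the "few lines of JS" option). Returns the
// number of anchors whose rel was changed. Assumed helper, only run in a DOM.
function patchDocumentAnchors(doc) {
  let patched = 0;
  for (const a of doc.querySelectorAll('a[target]')) {
    const current = a.getAttribute('rel') || '';
    const next = hardenedRel(a.getAttribute('target'), current);
    if (next !== current) { a.setAttribute('rel', next); patched++; }
  }
  return patched;
}

if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => patchDocumentAnchors(document));
}
```

Running `auditAnchors(SAMPLE_ANCHORS)` after a build gives the list to fail the build on; the runtime patch is the safety net for anchors that slip through.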