hint icon indicating copy to clipboard operation
hint copied to clipboard
verified publisher icon webhintio

Disowning opener by default for `target="_blank"` links

Open Malvoz opened this issue 6 years ago • 6 comments

This issue is about hint-disown-opener.

Developers have for some time been adviced to set rel="noopener" for outgoing target="_blank" links. However, WHATWG spec changes now says these links should imply noopener by default. That spec change also adds the opener link relation.

I suppose, changes to hint-disown-opener should wait until browsers actually implement this. And I think rather than looking for target="_blank" links to include rel="noopener" - instead perhaps warn if links contain rel="opener".

This is related to potential future checks for the Cross-Origin-Opener-Policy HTTP header mentioned in https://github.com/webhintio/hint/issues/1633.

Additionally, the rel attribute is now supported on <form> elements!

Malvoz avatar Aug 08 '19 15:08 Malvoz

Thanks for the heads-up @Malvoz!

I suppose, changes to hint-disown-opener should wait until browsers actually implement this.

Agree and I think we should tie this to the list of target browsers configured by the user. So if any target browser doesn't imply noopener by default webhint would give the current advice. If all target browsers imply noopener by default then webhint would even advise removing it as it would be unnecessary.

instead perhaps warn if links contain rel="opener"

That seems like a good addition to include too and can probably reported regardless of target browser.

antross avatar Aug 08 '19 17:08 antross

instead perhaps warn if links contain rel="opener"

That seems like a good addition to include too and can probably reported regardless of target browser.

I opened the same issue for Google's Lighthouse, their stand on warning for links using rel="opener":

we wouldn't ever flag explicit opener values since if you're explicitly opting in the assumption is that you needed to for some reason.

Which I think makes sense :)

Malvoz avatar Aug 08 '19 17:08 Malvoz

Implementation status:

https://bugs.chromium.org/p/chromium/issues/detail?id=898942 https://bugzilla.mozilla.org/show_bug.cgi?id=1503681 https://bugs.webkit.org/show_bug.cgi?id=190481

Malvoz avatar Aug 12 '19 19:08 Malvoz

New bug for Firefox seems to be https://bugzilla.mozilla.org/show_bug.cgi?id=1522083. Also the feature hasn't landed yet :(

molant avatar Sep 12 '19 03:09 molant

It looks like this is now handled by all major browsers: https://caniuse.com/mdn-html_elements_a_implicit_noopener

Zodiac1978 avatar Apr 01 '25 11:04 Zodiac1978

As this is now handled by all major browsers for a while it would be good to remove this rule as there is no longer a need to add rel="noopener" for outgoing target="_blank" links. Lighthouse removed this many years ago.

coliff avatar May 16 '25 08:05 coliff