One of the big, national grocery store chains here has managed to create a webpage, where:
- you cannot open a product in a new tab, and
- if you click on a product and hit the back-button, it resets the scroll position in the product list all the way to the start.
In effect, the webpage is practically unusable for actually browsing through products. They’re probably missing out on hundreds of thousands in sales, for something that could be fixed for like 50 quid.
<a target="\_blank">About that, you should add
rel="noopener"(and maybenoreferertoo) there, or the linked site could inject JS in yours, a security risk for your visitors.I have a little usercss that adds a warning picture (
::after { content: "pic"; }) on _target without noopener and especially Github is bad there.Can you share some reference? I don’t understand how some linked site could affect the site containing it.
Stackoverflow, but here you go.
I’ve made a userscript that puts a
rel="noopener"on target=“_blank” links where missing, with no issues for about half a year usage. Whilenorefererbreaks some payment processors and the like. Sadly, i lost it a few months ago, need to redo it sometime.Thanks, really good to know.
For quick reference, here is the first section from the MSDN docs:
The
noopenerkeyword for therelattribute of the<a>,<area>, and<form>elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it — by not setting theWindow.openerproperty on the opened window (it returnsnull).the answers say these are not recommended anymore, because browsers changed their defaults a long time ago
I’ve looked into Firefox’ bugtracker and there it’s “solved” by not doing it because nobody else does it.
