A Tasty Treats Podcast for Web Developers.

Ask a Potluck Question →
Wes Bos

Wes Bos

Full Stack JavaScript Developer. Creator of really good web development courses. BBQ enthusiast.

Scott Tolinski

Scott Tolinski

Web Developer, Creator of Level Up Tuts, Bboy, Robotops Crew and Youtuber

Playing: 269: Hasty Treat - Target=_blank security issue? What's the deal with noopener and noreferrer?

0:00

LOUDNESS

Jul 27th, 2020

Hasty Treat - Target=_blank security issue? What's the deal with noopener and noreferrer?

👇 Download Show✏️ Edit Show Notes

In this Hasty Treat, Scott and Wes talk about noopener and noreferrer and why you should use them with links that have blank targets.

Sentry - Sponsor

If you want to know what's happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code "tastytreat".

Show Notes

03:35 - What's the big deal?

  • If you have a link that is target="_blank" you should add rel="noopener" and rel="noreferrer"
  • Retail Me Not uses it
  • Valid use cases:
    • Same domain change the page from a popup
    • Cross domain changing page data
  • Example: https://mathiasbynens.github.io/rel-noopener/

05:39 - Why doesn't the browser just fix it?

10:48 - Does this hurt SEO?

  • It breaks analytics of the recipient site, turning a referral visit from your site into direct traffic, unless the link has UTM or similar tracking parameters. If you have a site where passing traffic offsite is part of the business model, links need an affiliate id instead.

Tweet us your tasty treats!