當網頁要開新分頁時,可以寫

<a href="https://some.website.url" target="_blank" >Click to open new tab</a>

而這會有資安風險[1],"some.website.url"將有機會改寫原本網頁的內容

解法為加上 rel="noopener noreferrer"[2]

<a href="http://website.com" target="_blank" rel="noopener">Click to open new tab</a>

  1. https://pjchender.blogspot.com/2020/05/relnoreferrer-targetblank.html?fbclid=IwAR0BfhJiRulbKZt4lcm1jsyj0QGUjA35y3owAHCA-W1IP7xUUD5qDcTyQRU

    https://mathiasbynens.github.io/rel-noopener/#Recommendations

    https://css-tricks.com/use-target_blank/ ↩︎

  2. noreferrer是為了舊的瀏覽器 ↩︎