Firefox will protect links by adding rel=”noopener” attribute
Mozilla is going to make links in Firefox more secure. Firefox 79 automatically adds the rel=”noopener” attribute to all links that open in another tab. This prevents the browser from manipulating web pages.
In Firefox 79, links placed on a web page via target=”_blank” are automatically provided with the rel=”noopener” attribute. That attribute can be added to links by website administrators as an extra measure of protection, but it’s not a standard feature in Firefox and many other browsers.
target=”_blank” opens links in a new tab. However, that function has the property that the linked page can determine what happens in the original tab. As a result, a linked webpage can be updated by the new page, for example by turning it into a phishing page or creating a new page with advertisements on it. There are several web demos available that illustrate that problem.
Website administrators can mitigate that by adding the rel=”noopener” attribute to links. The rel attribute specifies the relationship between the original and the new web page, and thus can prevent the new page from altering the old one.
Not every website administrator adds noopener to target=”_blank” links. Ghacks writes that Mozilla will add that attribute by default to such links from Firefox 79, which will be released at the end of July.
The feature has been in the Firefox Nightly betas since 2018. It is not clear why the feature has not been definitively implemented before. Safari already adds the attribute, and Google plans to do the same in Chrome in the future.