
The danger of target=_blank and opener - github-cat
https://www.pingtech.xyz/article/1537002042-The-danger-of-target%3D_blank-and-opener
======
sam_goody
Not the main point of the article, but he makes a comment that doesn't sit
well with me.

> Also for SEO consideration, rel="nofollow" is also recommended.

If you are linking to another site, that helps said site's SEO ranking. If you
use this in a way that the search engine views as cheating, the other site is
penalized.

But as long as you and the other site are being fair, then you SHOULD link to
them - they are obviously providing good content that you think is important,
so why try to hog the credit and not give them the ranking they deserve.

Sitye like Stackoverflow do this to cut down on spam, (and perhaps because
they want Google to view them as the original), but for a blog or whatever,
why would you recommend this?

~~~
CM30
100% agreed with this. In fact, this obsession with adding nofollow to links
is likely both why Google results have suffered a bit in recent years and also
why Google is apparently starting to ignore the nofollow attribute on some
links altogether. Use nofollow where it's relevant, not as some blanket rule
for every external link on a website.

[https://searchengineland.com/nofollow-links-not-useless-
earn...](https://searchengineland.com/nofollow-links-not-useless-earning-
central-good-seo-285412)

------
afraca
Previous discussion:
[https://news.ycombinator.com/item?id=12380671](https://news.ycombinator.com/item?id=12380671)

There were some high profile sites affected by this by the way, I think it was
Instagram where it actually went wrong.

------
davidmurdoch
There are performance implications to adding noopener, as outlined in
in[https://jakearchibald.com/2016/performance-benefits-of-
rel-n...](https://jakearchibald.com/2016/performance-benefits-of-rel-
noopener/)

While the above link suggests noopener is beneficial to add as it will prevent
the parent JS process from being paused by long running scripts in the child
process, it _may_ actually slow down the site being _opened_ because of the
additional time required to initialize the new child's process.

It also prevents sites that want to auto-close their opened tab/popup, like
Facebook and other sharing sites, from being able to call `window.close` after
sharing is complete.

~~~
kentonv
Now that Chrome is moving towards strict site isolation in the wake of
Spectre, that advice is probably obsolete -- Chrome will always create a new
process for the new tab even if you keep the opener reference.

------
daveFNbuck
Is there a need for the default behavior? It feels like browsers should just
switch this to the default for all external links with target=_blank.

------
gcb0
add base tag with rel=noopener to everything you do today and be protected
when browsers actually implement support for it.

~~~
detaro
Or add rel=noopener to all links today and be protected now?

~~~
gcb0
you can have both. but the base tag will make it default instead of on each a
tag.

