"underestimated vulnerability" that also has been fixed since 2021.
I remember reading about this back in ~2016 if not earlier. Was also featured on HN at least twice (via https://mathiasbynens.github.io/rel-noopener/ where I think I read about it first):
5 comments
[ 5.5 ms ] story [ 26.0 ms ] threadhttps://caniuse.com/mdn-html_elements_a_implicit_noopener
I remember reading about this back in ~2016 if not earlier. Was also featured on HN at least twice (via https://mathiasbynens.github.io/rel-noopener/ where I think I read about it first):
- https://news.ycombinator.com/item?id=11553740
- https://news.ycombinator.com/item?id=16226800
I mean, this doesn’t happen with normal links where the target isn’t set, so there must have been some intention behind this.