Shouldn't this behavior be explicitly enabled, defaulting to disallowing it?<p>Or do I need to tag all my links with a long series of "Don't allow this crazy thing", "Or that other thing", etc.
There's a Firefox extension to add the rel=noopener attribute to all links (except ones to the same domain): <a href="https://addons.mozilla.org/en-US/firefox/addon/dont-touch-my-tabs/?src=userprofile" rel="nofollow">https://addons.mozilla.org/en-US/firefox/addon/dont-touch-my...</a>
My totally unmeasured hunch is that there is a downside to using noopener: it could make the new page that is being opened take slightly longer, since it now needs to spool up another process/thread/sandbox/whatever instead of piggy backing off the existing page's.<p>More about the performance "benefit" here: <a href="https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/" rel="nofollow">https://jakearchibald.com/2016/performance-benefits-of-rel-n...</a>
Excellent, concise and with solid examples too! I can't see any reason to not expect this as the default behavior, especially in today's hostile climate. It almost seems as if the standards writers have a stake in making sure there is always a place in the picnic basket for an unseen finger...
I think this is an older article?* Any updates on support?<p>* I also don't understand how this is being served. If you go to <a href="https://github.com/mathiasbynens" rel="nofollow">https://github.com/mathiasbynens</a> there should be a repository called mathiasbynens.github.io right? But I can't find it.