Page MenuHomePhabricator

Reference previews use target=_blank without rel=noopener
Closed, DuplicatePublic

Description$252 sets target="_blank", but does not set rel="noopener". See as an explanation why this is insecure.
For reference: The same issue for core MediaWiki was T133507, and was fixed by adding rel="noopener noreferrer" (for older browsers) to all links with target="_blank". The same should be done here, too.