DEV Community


Would you use target="_blank"? And how many rels?

patarapolw profile image Pacharapol Withayasakpunt ・1 min read

If you don't know already, <a href target="_blank"> can be a security risk. But, the question I have in mind is, did I overprotect myself?

To get started, see these two links,

My understanding is,

  • Without target="_blank", navigating out will break SPA's (single page apps)
  • rel="noopener noreferrer" is enough for blogging sites, but noopener is only there for backward compat security risk.
  • I don't know enough about nofollow, or please follow...

Discussion (2)

Editor guide
skona27 profile image
Jakub Skoneczny

That first resource is extremely useful. Thanks for this!

Currently, I use target="_blank" along with rel="noopener noreferrer" for links listed in my blog, which point to external social media sites like Twitter. The idea behind it was for users not to leave my site, but I will rethink this after reading these points from the first resource.

As I understand, nofollow may come in handy when linking to your internal and non-public sites, like admin panel.

sroehrl profile image

I disagree with some of the points in the first resource. This is especially noticable when navigating on markdown content like here on or on GitHub. As a user, I have a certain expectation of when content opens in a new tab. While there might not always be a good reason for opening a new tab, it is what I expect when I open linked resources. Breaking that expectation is often worse as intuitive behavior - ultimately UX - is not fulfilled. How often have you thought "I should have pressed Ctrl before clicking that link"? Personally, it happened too often for me while navigating GitHub.