Hasty Treat - Target=_blank security issue? What's the deal with noopener and noreferrer?

Syntax - Tasty Web Development Treats

Wes Bos

Tech News, News, Technology

4.9 • 1.2K Ratings

🗓️ 27 July 2020

⏱️ 14 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

In this Hasty Treat, Scott and Wes talk about noopener and noreferrer and why you should use them with links that have blank targets. Sentry - Sponsor If you want to know what’s happening with your errors, track them with Sentry. Sentry is open-source error tracking that helps developers monitor and fix crashes in real time. Cut your time on error resolution from five hours to five minutes. It works with any language and integrates with dozens of other services. Syntax listeners can get two months for free by visiting Sentry.io and using the coupon code “tastytreat”. Show Notes 03:35 - What’s the big deal? If you have a link that is target="_blank" you should add rel=“noopener” and rel=“noreferrer” Retail Me Not uses it Valid use cases: Same domain change the page from a popup Cross domain changing page data Example: https://mathiasbynens.github.io/rel-noopener/ 05:39 - Why doesn’t the browser just fix it? Safari did - You can use rel=“opener” to allow it Firefox did Chrome hasn’t yet https://twitter.com/HugoGiraudel/status/801475801397030912 10:48 - Does this hurt SEO? It breaks analytics of the recipient site, turning a referral visit from your site into direct traffic, unless the link has UTM or similar tracking parameters. If you have a site where passing traffic offsite is part of the business model, links need an affiliate id instead. Links @argyleink Tweet us your tasty treats! Scott’s Instagram LevelUpTutorials Instagram Wes’ Instagram Wes’ Twitter Wes’ Facebook Scott’s Twitter Make sure to include @SyntaxFM in your tweets

Transcript

Click on a timestamp to play from that location

0:00.0	Monday, Monday, Monday, Monday.
0:02.0	Open wide Dev fans.
0:04.0	Get ready to stuff your face with JavaScript,
0:07.0	CSS, node modules, barbecue tips, get workflows,
0:10.0	breakdancing, soft skills, web development,
0:12.0	the hastiest, the craziest, the craziest development the hastiest the craziest the tastiest web development treats coming in hot here is
0:18.1	Wes Barracuda bars and Scott El Toroloko Tolinsky.
0:25.0	Welcome to Syntax.
0:30.0	Yes, yes, it is the Syntax podcast. My name is Scott Tolinsky. I'm a developer from Denver, Colorado, and with me as always is the West Boss.
0:41.0	Ho! Hey, oh, hey, oh, hey, oh, this episode is a Monday hasty treat and we're going to be talking about
0:50.2	Noooper and no refer, also known as no opener and no referer.
0:57.5	When I see those two words, they just turn into jelly
0:59.7	in my brain and I don't even read the whole word.
1:02.0	Nupiner, Nupiner.
1:03.0	And we're going to be talking about security.
1:05.0	What's the issue with that if you've worked in any front end framework you probably know with that
1:10.0	that you can't just link off to the sites with a blank without using one of these
1:14.0	tags we're gonna talk about what they are why it is what the whole reasoning
1:18.0	behind that is and maybe just a little bit of the the depths there it's just gonna be a
1:21.5	fun one this episode is sponsored by Century.
1:25.0	No, unfortunately this is not a bug that will show up in your Century Lugs, but if it did,
1:29.7	it would pop in there, it would show up, you'd be able to track track it he'd be able to attach a
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from Wes Bos, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Wes Bos and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.