Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Browsers
Firefox
Firefox 79 makes some links more secure
Message
<blockquote data-quote="silversurfer" data-source="post: 891581" data-attributes="member: 26718"><p><em>by <a href="https://www.ghacks.net/author/martin/" target="_blank">Martin Brinkmann</a> on June 25, 2020 in <a href="https://www.ghacks.net/category/firefox/" target="_blank">Firefox</a> - Last Update: June 25, 2020</em> </p><p></p><p>Mozilla plans to introduce a change in an upcoming version of Firefox Stable that makes the handling of links more secure. The organization introduced an option<a href="https://www.ghacks.net/2018/11/30/firefox-security-relnoopener-for-target_blank/" target="_blank"> in Firefox Nightly back in November 2018</a> that set the link attribute rel="noopener" if target="_blank" is set.</p><p></p><p>The target="_blank" directive orders the web browser to open the target of the link in a new browser tab; otherwise, the link will be opened in the same tab.</p><p></p><p>The problem with target="_blank" is that the resource of the link gets full control over the originating window object even if it is a different site. You can check out this -- harmless -- <a href="https://mathiasbynens.github.io/rel-noopener/" target="_blank">demo</a> of how the linked resource may manipulate content on the originating page.</p><p></p><p>Basically, it allows the target site to change content on the originating site, e.g. to use it for phishing or to change information on the originating page. A user who switches back to the originating tab might not notice the manipulation.</p><p></p><p>Advertisers may abuse the functionality as well, e.g. to display advertisement on the linking site.</p><p></p><p></p><p>Webmasters may set rel="noopener" for links to protect users and their sites against any form of manipulation. We set the attribute for all links automatically here on Ghacks, but many sites don't.</p><p></p><p>Mozilla plans to set rel="noopener" for all links that use target="_blank" from Firefox 79 onward. It is interesting to note that setting rel="noopener" <a href="https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/" target="_blank">may also</a> improve performance.</p><p></p><p>Webmasters who want to retain the classic behavior need to set "rel="opener" manually to ensure that the functionality remains active.</p><p></p><p><a href="https://www.ghacks.net/2012/08/16/mozilla-firefox-release-schedule/" target="_blank">Mozilla plans to release Firefox 79 on July 28, 2020 according to the Firefox release schedule</a>. It is unclear why it took so long to get implemented in Firefox Stable.</p><p></p><p>Apple has introduced the same functionality in the company's Safari browser in March 2019, and Google <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=898942" target="_blank">plans</a> to introduce it in Chrome as well in the future.</p><p></p><p>Firefox users and other browser users can also install <a href="https://www.ghacks.net/2019/12/23/protect-your-tabs-in-firefox-with-dont-touch-my-tabs-relnoopener/" target="_blank">browser extensions such as Don't Touch My Tabs</a> to set rel="noopener" automatically.</p><p></p><p>[URL unfurl="true"]https://www.ghacks.net/2020/06/25/firefox-79-links-secure/[/URL]</p></blockquote><p></p>
[QUOTE="silversurfer, post: 891581, member: 26718"] [I]by [URL='https://www.ghacks.net/author/martin/']Martin Brinkmann[/URL] on June 25, 2020 in [URL='https://www.ghacks.net/category/firefox/']Firefox[/URL] - Last Update: June 25, 2020[/I] Mozilla plans to introduce a change in an upcoming version of Firefox Stable that makes the handling of links more secure. The organization introduced an option[URL='https://www.ghacks.net/2018/11/30/firefox-security-relnoopener-for-target_blank/'] in Firefox Nightly back in November 2018[/URL] that set the link attribute rel="noopener" if target="_blank" is set. The target="_blank" directive orders the web browser to open the target of the link in a new browser tab; otherwise, the link will be opened in the same tab. The problem with target="_blank" is that the resource of the link gets full control over the originating window object even if it is a different site. You can check out this -- harmless -- [URL='https://mathiasbynens.github.io/rel-noopener/']demo[/URL] of how the linked resource may manipulate content on the originating page. Basically, it allows the target site to change content on the originating site, e.g. to use it for phishing or to change information on the originating page. A user who switches back to the originating tab might not notice the manipulation. Advertisers may abuse the functionality as well, e.g. to display advertisement on the linking site. Webmasters may set rel="noopener" for links to protect users and their sites against any form of manipulation. We set the attribute for all links automatically here on Ghacks, but many sites don't. Mozilla plans to set rel="noopener" for all links that use target="_blank" from Firefox 79 onward. It is interesting to note that setting rel="noopener" [URL='https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/']may also[/URL] improve performance. Webmasters who want to retain the classic behavior need to set "rel="opener" manually to ensure that the functionality remains active. [URL='https://www.ghacks.net/2012/08/16/mozilla-firefox-release-schedule/']Mozilla plans to release Firefox 79 on July 28, 2020 according to the Firefox release schedule[/URL]. It is unclear why it took so long to get implemented in Firefox Stable. Apple has introduced the same functionality in the company's Safari browser in March 2019, and Google [URL='https://bugs.chromium.org/p/chromium/issues/detail?id=898942']plans[/URL] to introduce it in Chrome as well in the future. Firefox users and other browser users can also install [URL='https://www.ghacks.net/2019/12/23/protect-your-tabs-in-firefox-with-dont-touch-my-tabs-relnoopener/']browser extensions such as Don't Touch My Tabs[/URL] to set rel="noopener" automatically. [URL unfurl="true"]https://www.ghacks.net/2020/06/25/firefox-79-links-secure/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top