link with target=blank_ will cause some kind of phishing attack known as tabnabbing.
detail of this attacks are described below.
this is caused by
rel=noopener new API.
so I propose adding this attribute to
link_to when it given
link_to "External link", "http://www.rubyonrails.org/", target: "_blank"
<!-- before --> <a href="http://www.rubyonrails.org/" target="_blank">External link</a> <!-- after --> <a href="http://www.rubyonrails.org/" target="_blank" rel="noopener">External link</a>
currently implemented by chrome/opera.
noreferrer is considered altenative of
noopener for older browser.
but this cause not to send referrer to server, so it’ll cause breakin change for some apps.
noopener is no side effect for apps, without using
I’m posting this for asking guys befor writing PR according to guideline.