About rel=noopener
▻https://mathiasbynens.github.io/rel-noopener/#hax
target=_blank donne une bonne possibilité de Cross-Origin Resource Sharing...
Recommandation :
To prevent pages from abusing window.opener, use rel=noopener. This ensures window.opener is null in Chrome 49 and Opera 36.
For older browsers, you could use rel=noreferrer which also disables the Referer HTTP header, or the following JavaScript work-around.
Don’t use target=_blank (or any other target that opens a new navigation context), especially for links in user-generated content, unless you have a good reason to.
#javascript #target=_blank #noopener #noreferrer #cross-origin #piratage