Discussion on the security implications of links that open in a new tab or window, and browser fixes to prevent malicious sites from accessing the opener window

In this Hasty Treat, Scott and Wes talk about noopener and noreferrer and why you should use them with links that have blank targets.
Show Notes
03:35 - What's the big deal?
- If you have a link that is target="_blank" you should add rel="noopener" and rel="noreferrer"
- Retail Me Not uses it
- Valid use cases:
- Same domain change the page from a popup
- Cross domain changing page data
- Example: https://mathiasbynens.github.io/rel-noopener/
05:39 - Why doesn't the browser just fix it?
- Safari did - You can use rel="opener" to allow it
- Firefox did
- Chrome hasn't yet
- https://twitter.com/KittyGiraudel/status/801475801397030912
10:48 - Does this hurt SEO?
- It breaks analytics of the recipient site, turning a referral visit from your site into direct traffic, unless the link has UTM or similar tracking parameters. If you have a site where passing traffic offsite is part of the business model, links need an affiliate id instead.
