By default, the A TAB in the web page jumps to the link address in the current window. If you want to open it in a new window, you need to add a target=”_blank” attribute to the A TAB. Ex. :

<a target="_blank" href="https://weibo.com/"</a>Copy the code

1 Security Risks

If you just add target=”_blank” to a new window, the new page can get the window object of the source page via window.opener, even across domains.

Access to some properties is blocked because of cross-domain security policy restrictions. However, for example, change the value of window.opener. Location to point to another address.

That is, you can just browse a website, then open a new window, the result of the new window mysteriously changed the original page address. At this point, you can disguise the page, such as disguised as landing page, to let the user input account password, so as to reach the purpose of the hacker.

2 Performance Problems

A new window opened by target=”_blank” shares the same process as the original page window. If the new page executes a lot of poorly performing JavaScript code and consumes a lot of system resources, the performance of your original page will also suffer.

3 Solution

  1. Use as little as possibletarget="_blank";
  2. If you have to use it, you have to add itrel="noopener"orrel="noreferrer". Openner for the new window will be null, and the new window will run in a separate process without dragging down the original page process. (However, some browsers are optimized for performance so that new Windows will open in a separate process even without this property. But for safety’s sake, I’ll add it.)

  1. A new page opened with window.open:
var newWindow = window.open();
newWindow.opener = null;
newWindow.location = "https://weibo.com/";
newWindow.target = "_blank";
Copy the code