Recently I read an article, and I know more. I never thought opener could play like this before. A brief introduction:


What problem to solve

Suppose you are currently viewing a page with a link (possibly typed by the user) :

< a target = "_blank" href = "http://keenwon.com/" > click < / a >Copy the code

Using window.oponer in the newly opened TAB, you can get the window of the current page. In this way, http://keenwon.com (the opened page) will gain partial control of the current page, even if the newly opened page is cross-domain (for example, location does not have cross-domain problems). Try this demo. The demo just jumps to baidu’s home page, but what if it jumps to a phishing site? The user is prompted to log in directly, while the user is focused on the newly opened TAB and probably won’t notice the changes to the original page in the background.


Rel = noopener new features

In Chrome 49+, Opera 36+, open the link with Rel =noopener, window.opener will be null. In older browsers, you can disable the HTTP header Referer attribute with rel=noreferrer and use the following JavaScript instead of target=’_blank’ :

var otherWindow = window.open('http://keenwon.com');
otherWindow.opener = null;
otherWindow.location = url;Copy the code

Use window.open to open the page and set the manual opener to null.