rel=noopener
<a>
、<area>
和 <form>
元素的 rel
属性的 noopener
关键字指示浏览器导航到目标资源,而不授予新的浏览上下文访问打开它的文档的权限 - 通过不在打开的窗口上设置 Window.opener
属性( 它返回 null
)。
¥The noopener
keyword for the rel
attribute of the <a>
, <area>
, and <form>
elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it — by not setting the Window.opener
property on the opened window (it returns null
).
这在打开不受信任的链接时特别有用,以确保它们无法通过 Window.opener
属性篡改原始文档(有关更多详细信息,请参阅 关于 rel=noopener),同时仍然提供 Referer
HTTP 标头(除非也使用 noreferrer
)。
¥This is especially useful when opening untrusted links, in order to ensure they cannot tamper with the originating document via the Window.opener
property (see About rel=noopener for more details), while still providing the Referer
HTTP header (unless noreferrer
is used as well).
请注意,当使用 noopener
时,除了 _top
、_self
和 _parent
之外的非空目标名称在决定是否打开新窗口/选项卡方面都将被视为 _blank
。
¥Note that when noopener
is used, nonempty target names other than _top
, _self
, and _parent
are all treated like _blank
in terms of deciding whether to open a new window/tab.
注意:现在,在
<a>
元素上设置target="_blank"
隐式提供与设置rel="noopener"
(不设置window.opener
)相同的rel
行为。请参阅 浏览器兼容性 了解支持状态。¥Note: Setting
target="_blank"
on<a>
elements now implicitly provides the samerel
behavior as settingrel="noopener"
which does not setwindow.opener
. See browser compatibility for support status.
规范
Specification |
---|
HTML Standard # link-type-noopener |
浏览器兼容性
BCD tables only load in the browser
¥Browser compatibility