rel=noopener
<a>、<area> 和 <form> 元素的 rel 属性的 noopener 关键字指示浏览器导航到目标资源,而不授予新的浏览上下文访问打开它的文档的权限 - 通过不在打开的窗口上设置 Window.opener 属性( 它返回 null)。
¥The noopener keyword for the rel attribute of the <a>, <area>, and <form> elements instructs the browser to navigate to the target resource without granting the new browsing context access to the document that opened it — by not setting the Window.opener property on the opened window (it returns null).
这在打开不受信任的链接时特别有用,以确保它们无法通过 Window.opener 属性篡改原始文档(有关更多详细信息,请参阅 关于 rel=noopener),同时仍然提供 Referer HTTP 标头(除非也使用 noreferrer)。
¥This is especially useful when opening untrusted links, in order to ensure they cannot tamper with the originating document via the Window.opener property (see About rel=noopener for more details), while still providing the Referer HTTP header (unless noreferrer is used as well).
请注意,当使用 noopener 时,除了 _top、_self 和 _parent 之外的非空目标名称在决定是否打开新窗口/选项卡方面都将被视为 _blank。
¥Note that when noopener is used, nonempty target names other than _top, _self, and _parent are all treated like _blank in terms of deciding whether to open a new window/tab.
注意:现在,在
<a>元素上设置target="_blank"隐式提供与设置rel="noopener"(不设置window.opener)相同的rel行为。请参阅 浏览器兼容性 了解支持状态。¥Note: Setting
target="_blank"on<a>elements now implicitly provides the samerelbehavior as settingrel="noopener"which does not setwindow.opener. See browser compatibility for support status.
规范
| Specification |
|---|
| HTML Standard # link-type-noopener |
浏览器兼容性
BCD tables only load in the browser
¥Browser compatibility