target attribute
Overview
The target attribute specifies where to display the linked URL as a name for the browsing context (a tab, window, or <iframe>
). The following keywords have special meanings for where to load the URL:
_self
- the current browsing context, by default._blank
- usually a new tab, but users can configure browsers to open a new window instead._parent
- the parent browsing context of the current one, if no parent, behaves as_self
._top
- the topmost browsing context (the "highest" context that’s an ancestor of the current one), if no ancestors, behaves as_self
.
_blank
Using target=_blank
allows the linked page to get partial access to the source page through the window.opener API. The newly opened tab can then change the window.opener.location
to a phishing page or execute JavaScript on the opener page.
In newer browser versions (e.g. Firefox 79+) setting target="_blank" on <a>
elements implicitly provides the same rel
behavior as setting rel="noopener"
.
References
Last updated