External Link Security
Checks external target=_blank links for noopener (security) and noreferrer (privacy)
Checks external target=_blank links for noopener (security) and noreferrer (privacy)
| Rule ID | security/new-tab |
| Category | Security |
| Scope | Per-page |
| Severity | warning |
| Weight | 4/10 |
Solution
External links with target=“_blank” should include rel=“noopener noreferrer”. noopener prevents the opened page from accessing window.opener (tab-nabbing attacks). noreferrer prevents leaking the referrer URL to the destination site (privacy). Modern browsers default noopener for target=“_blank”, but explicit attributes ensure compatibility.
Enable / Disable
Disable this rule
squirrel.toml
toml[rules]
disable = ["security/new-tab"]Disable all Security rules
squirrel.toml
toml[rules]
disable = ["security/*"]Enable only this rule
squirrel.toml
toml[rules]
enable = ["security/new-tab"]
disable = ["*"]