HTML <a> element: What is meant by the exploitation of the window.opener API?

The Mozilla Developer Network documentation for the target attribute of the HTML <a> element says:

Note: When using target, consider adding rel="noopener noreferrer" to avoid exploitation of the window.opener API.

What is the meaning of the phrase "exploitation of the window.opener API"?

kevinarpe asked Oct 18 '22 18:10

1 Answer

Just check this link (Refer); it has a great example of exploitation of the window.opener API.

This has to do with a security vulnerability. The target="_blank" vulnerability is extremely common.

  • To prevent pages from abusing window.opener, use rel="noopener".
  • In order to restrict window.opener access, the original page needs to add a rel="noopener" attribute to any link that has target="_blank". However, Firefox does not support that tag, so you should actually use rel="noopener noreferrer" for full coverage.

The window.opener API is used in the new window you just opened to attack the window from which it was opened.

Sagar Shetty answered Oct 20 '22 09:10
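A defender-side illustration of the advice above, added here and not part of the original question, answer or the linked page: it audits an HTML snippet for target="_blank" links that lack rel="noopener", computes the hardened rel value, and shows the browser-side equivalents (window.open with the noopener feature, patching live anchors, and a self-check in the opened page that window.opener is null). The function names (hardenRel, auditLinks, openSafely, hardenDocumentLinks, openerIsIsolated), the SAMPLE_HTML input and the minimal regex-based tag scanner are constructed for this example; the scanner is not a full HTML parser.

```javascript
// Added example (not from the original answer): audit and harden
// <a target="_blank"> links so the opened page gets no usable window.opener.
// Runs under Node for the audit part; the DOM parts are guarded for browsers.

// rel tokens that neutralise window.opener for a target="_blank" link.
const REQUIRED_REL = ["noopener", "noreferrer"];

// Return the rel value a link should carry, preserving existing tokens
// (e.g. "nofollow" -> "nofollow noopener noreferrer").
function hardenRel(rel) {
  const tokens = new Set((rel || "").split(/\s+/).filter(Boolean));
  for (const t of REQUIRED_REL) tokens.add(t);
  return [...tokens].join(" ");
}

// Extract the attributes of every <a ...> tag in an HTML string.
// Minimal regex scanner for illustration only, not a real HTML parser.
function findAnchors(html) {
  const anchors = [];
  const tagRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = {};
    const attrRe = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
    let a;
    while ((a = attrRe.exec(m[1])) !== null) attrs[a[1].toLowerCase()] = a[2];
    anchors.push(attrs);
  }
  return anchors;
}

// Report hrefs of links that open a new browsing context but leave
// window.opener intact (no "noopener" token in rel).
function auditLinks(html) {
  return findAnchors(html)
    .filter(a => (a.target || "").toLowerCase() === "_blank")
    .filter(a => !(a.rel || "").toLowerCase().split(/\s+/).includes("noopener"))
    .map(a => a.href || "(no href)");
}

// Browser-side: when opening programmatically, pass the noopener feature so
// the new window's `opener` is null. Returns null when no window exists (Node).
function openSafely(url) {
  if (typeof window === "undefined") return null;
  return window.open(url, "_blank", "noopener,noreferrer");
}

// Browser-side: patch anchors already in the live DOM; returns count changed.
function hardenDocumentLinks(doc) {
  let changed = 0;
  for (const a of doc.querySelectorAll('a[target="_blank"]')) {
    const current = a.getAttribute("rel");
    const hardened = hardenRel(current);
    if (hardened !== current) { a.setAttribute("rel", hardened); changed++; }
  }
  return changed;
}

// In the opened page: confirm it has no reference back to the opener.
// Under Node there is no window at all, which counts as isolated.
function openerIsIsolated() {
  return typeof window === "undefined" || window.opener === null;
}

// Constructed sample page: two unsafe links, one hardened, one same-tab.
const SAMPLE_HTML = `
<a href="https://example.com/partner" target="_blank">partner</a>
<a href="https://example.com/docs" target="_blank" rel="noopener noreferrer">docs</a>
<a href="/internal">internal</a>
<a href="https://example.com/blog" target="_blank" rel="nofollow">blog</a>
`;

if (typeof require !== "undefined" && require.main === module) {
  console.log("links missing noopener:", auditLinks(SAMPLE_HTML));
  console.log("hardened rel for nofollow link:", hardenRel("nofollow"));
}
```

Running the file under Node lists the partner and blog links as the ones still exposing window.opener; in a browser, hardenDocumentLinks(document) applies the same fix to a loaded page, and openSafely replaces bare window.open calls.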