target="_blank" vulnerability

[Cypouz]

As explained here, it would be nice to use rel="noopener noreferrer" with target="_blank" in links to avoid any risk of phishing.

[Alkarex]

Interesting 👍
I will have to check if this not already covered by <meta name="referrer" content="never" />
#1210

[Alkarex]

I have quickly checked that <meta name="referrer" content="never" /> is not enough, and that rel="noreferrer" works in Firefox 48, Edge 25, Chrome 53.

[Alkarex]

Pull request #1246

[Alkarex]

Should be solved in /dev branch. Please give it a try.