Jump to content

(Guide/Review) Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener)


Karlston
 Share

Recommended Posts

Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener)

The Firefox add-on Don't Touch My Tabs! (rel=noopener) adds the link attribute rel=noopener to all links encountered in the web browser with the exception of same-domain links.

 

The extension addresses a long-standing issue that affects all modern web browser: when a linked resource is opened in  anew tab, it gets control over the page that it was loaded from.

 

That's a problem, as it opens the door for manipulation, tracking or malicious attacks. Visit the About rel=noopener website and activate the first link that says "click me..". It opens a new page in a new tab and while that in itself is not that exciting, going back to the originating page is because it has been manipulated by that site.

 

Websites may add the rel=noopener attribute to links to avoid this. Most should, considering that control is handed over to the linked resources. These could do all kinds of things, from changing form field destinations to loading tracking pixels or displaying advertisement.

 

Sites may implement rel=noopener to protect users and their own data from such attacks or manipulations. The problem is that this needs to be implemented by each site individually as browser makers have been reluctant to make the change. Mozilla did test rel=noopener for target="_blank" links in 2018 but did not activate the change for users of the browser. Check out the linked article for instructions on enabling noopener for blank targets.

 

Note: The preference appears to have the same effect as the Firefox add-on. It may require further testing to be really sure about that but a quick check of a couple of sites suggests that it works equally well.

 

When you check external links here on Ghacks, you will notice that noopener is used for all of them.

noopener browser
Ghacks external links

The Firefox add-on Don't touch my tabs! (rel=noopener) steps in by enabling noopener sitewide for any link you encounter after installation of the extension. The only exception to the rule applies to links that point to the same domain (as the site in question already has full control over its own pages).

 

The extension does the following, basically:

  1. Searches for hyperlinks on active pages and checks if they have the "target="_blank" attribute. For any found
    1. It adds the rel=noopener attribute if no rel attribute is used already.
    2. It adds noopener to the attribute if rel is already used leaving any other attributes untouched.

Breakage should be minimal and the extension works automatically in the background once it is installed. The extension is open source; you can check out its GitHub webpage to check out its source. Chrome users can check out No Opener instead which does the same.

 

 

Source: Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener) (gHacks - Martin Brinkmann)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...