ProdReady
All Vulnerabilities/Unsafe External Links
mediumsecurity

Unsafe External Links

Detects links with target="_blank" that are missing rel="noopener noreferrer".

Why This Is Bad

Links with target='_blank' without rel='noopener' allow the new page to control your original page. This is a phishing risk called 'tabnabbing'.

How To Fix

Add rel='noopener noreferrer' to all external links:

tsx
// Before (RISKY)
<a href="https://example.com" target="_blank">
  Visit Site
</a>

// After (SAFE)
<a 
  href="https://example.com" 
  target="_blank" 
  rel="noopener noreferrer"
>
  Visit Site
</a>

When You Pass This Check

All your external links are properly secured. Great security awareness!

Check If Your Repo Has This Issue

Our free scanner will detect this and 17 other common issues in your codebase.