[HTML 5] Refer Polices
Morden browser apply noopener
for you, but for lagacy browser might not.
What noopener
does is that, it set window.opener
to null
, which can prevent evil site change the original site url points to a phising site.
A: is wrong, should be prevent newly opened site to access original site
noreferrer
: for example you open a link https://example.com
, without noreferrer
, you can access original site url through document.referrer
, looks like https://www.website.com/community?userId=123
, it can access the query params which might be sensitive to the user.
noreferrer
also make sure noopener
also applied.
therefore Answer B is correct.
More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Answer: B, D