Protect your tabs in Firefox with Don't Touch My Tabs! (rel=noopener)

The Firefox add-on Don't Touch My Tabs! (rel=noopener) adds the link attribute rel=noopener to all links encountered in the web browser with the exception of same-domain links.

The extension addresses a long-standing issue that affects all modern web browser: when a linked resource is opened in  anew tab, it gets control over the page that it was loaded from.

That's a problem, as it opens the door for manipulation, tracking or malicious attacks. Visit the About rel=noopener website and activate the first link that says "click me..". It opens a new page in a new tab and while that in itself is not that exciting, going back to the originating page is because it has been manipulated by that site.

Websites may add the rel=noopener attribute to links to avoid this. Most should, considering that control is handed over to the linked resources. These could do all kinds of things, from changing form field destinations to loading tracking pixels or displaying advertisement.

Sites may implement rel=noopener to protect users and their own data from such attacks or manipulations. The problem is that this needs to be implemented by each site individually as browser makers have been reluctant to make the change. Mozilla did test rel=noopener for target="_blank" links in 2018 but did not activate the change for users of the browser. Check out the linked article for instructions on enabling noopener for blank targets.

Note: The preference appears to have the same effect as the Firefox add-on. It may require further testing to be really sure about that but a quick check of a couple of sites suggests that it works equally well.

When you check external links here on Ghacks, you will notice that noopener is used for all of them.

The Firefox add-on Don't touch my tabs! (rel=noopener) steps in by enabling noopener sitewide for any link you encounter after installation of the extension. The only exception to the rule applies to links that point to the same domain (as the site in question already has full control over its own pages).

The extension does the following, basically:

1. Searches for hyperlinks on active pages and checks if they have the "target="_blank" attribute. For any found
   1. It adds the rel=noopener attribute if no rel attribute is used already.
   2. It adds noopener to the attribute if rel is already used leaving any other attributes untouched.

Breakage should be minimal and the extension works automatically in the background once it is installed. The extension is open source; you can check out its GitHub webpage to check out its source. Chrome users can check out No Opener instead which does the same.

Now You: How do you handle this in your browser?