Bug #89044
Updated by Mathias Brodala over 4 years ago
Some links in the backend and install tool with target _blank (external links) have no rel="noopener noreferrer" set, this should be changed.
See here why: https://developers.google.com/web/tools/lighthouse/audits/noopener
bq. When you open another page using target="_blank", the other page may run on the same process as your page, unless Site Isolation is enabled. If the other page is running a lot of JavaScript, your page's performance may also suffer. See The Performance Benefits of rel=noopener.
The other page can access your window object with the window.opener property. This exposes an attack surface because the other page can potentially redirect your page to a malicious URL. See About rel=noopener.