When opening a link in a new tab with target="_blank", the rel attribute of the HTML a tag can have many values including opener and noopener.
The examples below demonstrate how opener gives the destination page a window.opener object that references the source page's window, which can be exploited in malicious ways.
1. opener
When you click on this link with a rel="opener" value, the new tab's window.opener object will reference this page, so the new tab can potentially change this page's content. This can be bad.
<a href="page.html" target="_blank" rel="opener">this link</a>
2. noopener
When you click on this link with a rel="noopener" value, the new tab will not get a window.opener reference to this page because noopener prevents this behavior. This is safe.
<a href="page.html" target="_blank" rel="noopener">this link</a>
3. Default behavior
When you click on this link, most modern browsers will default to the noopener behavior.
<a href="page.html" target="_blank">this link</a>
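The three cases above can be checked across a site's markup. The following is an added example, not code from the original page: it scans HTML for target="_blank" links and reports which of the three behaviors each one gets. The sample markup, function names and verdict labels are assumptions made for illustration.

```javascript
// Added example: audit target="_blank" links by rel. SAMPLE_HTML is constructed.
const SAMPLE_HTML = `
<a href="a.html" target="_blank" rel="opener">explicit opener</a>
<a href="b.html" target="_blank" rel="noopener">explicit noopener</a>
<a href="c.html" target="_blank">no rel</a>
<a href="d.html" target="_BLANK" rel="NoReferrer nofollow">noreferrer</a>
<a href="e.html" rel="opener">same tab, not audited</a>
`;

// Parse one <a ...> start tag into a map of lower-cased attribute names.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<a/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? ""; // first wins
  }
  return attrs;
}

// "opener": the new tab gets window.opener. "noopener": it does not
// (noreferrer also implies noopener in the HTML standard).
// "default": no keyword given, so the result depends on the browser.
function classify(attrs) {
  if ((attrs.target || "").toLowerCase() !== "_blank") return null;
  const rel = new Set((attrs.rel || "").toLowerCase().split(/\s+/).filter(Boolean));
  if (rel.has("noopener") || rel.has("noreferrer")) return "noopener";
  return rel.has("opener") ? "opener" : "default";
}

// Return one { href, verdict } record per link that opens a new tab.
function auditLinks(html) {
  const tags = html.match(/<a(?=[\s>\/])(?:"[^"]*"|'[^']*'|[^'">])*>/gi) || [];
  return tags
    .map((tag) => {
      const attrs = parseAttrs(tag);
      return { href: attrs.href || "", verdict: classify(attrs) };
    })
    .filter((link) => link.verdict !== null);
}

console.log(auditLinks(SAMPLE_HTML));
```

Links reported as "default" are the ones to review: adding rel="noopener" explicitly removes the dependence on browser defaults.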