Leafpub / leafpub

Simple, beautiful, open source publishing.

Add rel="noopener" to links with target="_blank"

claviska opened this issue · comments

The security issue behind target="_blank" has been popping up over the Internet recently:

https://mathiasbynens.github.io/rel-noopener/
https://jakearchibald.com/2016/performance-benefits-of-rel-noopener/

The Problem

Without [rel="noopener"], the new page can access your window object via window.opener. Thankfully the origin security model of the web prevents it reading your page, but no-thankfully some legacy APIs mean it can navigate your page to a different URL using window.opener.location = newURL.

The Solution

Links intended to open in a new window (via the Link panel) will receive the target="_blank" attribute. These links should also receive the rel="noopener" attribute if the href is foreign.
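One way to implement the check described above, as an added example that is not part of the original issue or Leafpub's code: it assumes "foreign" means an href whose origin differs from the site's, and the function names and sample URLs are hypothetical.

```javascript
// Added example (not Leafpub code). isForeign, secureLink, fakeAnchor and demo
// are hypothetical names; "foreign" is assumed to mean "different origin".
function isForeign(href, siteUrl) {
  let target;
  try {
    target = new URL(href, siteUrl); // resolves relative and //host hrefs
  } catch (err) {
    return true; // unparseable href: fail closed and treat it as foreign
  }
  // Compare scheme + host + port, never a substring of the hostname.
  return target.origin !== new URL(siteUrl).origin;
}

// Adds "noopener" to a target="_blank" link with a foreign href, keeping any
// rel tokens already present. Returns true if the link qualified.
function secureLink(el, siteUrl) {
  const target = (el.getAttribute('target') || '').toLowerCase();
  const href = el.getAttribute('href');
  if (target !== '_blank' || href === null || !isForeign(href, siteUrl)) {
    return false;
  }
  const tokens = (el.getAttribute('rel') || '').split(/\s+/).filter(Boolean);
  if (!tokens.some((t) => t.toLowerCase() === 'noopener')) tokens.push('noopener');
  el.setAttribute('rel', tokens.join(' '));
  return true;
}

// Constructed stand-in for a DOM <a> element so the example runs without a browser.
function fakeAnchor(attrs) {
  const store = { ...attrs };
  return {
    getAttribute: (name) => (name in store ? store[name] : null),
    setAttribute: (name, value) => { store[name] = String(value); },
  };
}

// Constructed sample links for a site assumed to live at https://blog.example/.
function demo() {
  const site = 'https://blog.example/';
  const links = [
    { href: 'https://other.example/post', target: '_blank' },
    { href: '/about', target: '_blank' },
    { href: '//cdn.other.example/x', target: '_BLANK', rel: 'nofollow' },
    { href: 'https://other.example/' },
  ].map(fakeAnchor);
  links.forEach((link) => secureLink(link, site));
  return links.map((link) => link.getAttribute('rel'));
}
```

In a browser the same function can be applied to real anchors, for example over `document.querySelectorAll('a[target]')` with `location.href` as the site URL.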