---
title: Prevent target='_blank' security risks
description: Datadog, the leading service for cloud-scale monitoring.
---

# Prevent target='_blank' security risks

## Metadata{% #metadata %}

**ID:** `jsx-react/jsx-no-target-blank`

**Language:** JavaScript

**Severity:** Warning

**Category:** Security

**CWE**: [1022](https://cwe.mitre.org/data/definitions/1022.html)

## Description{% #description %}

Using `target="_blank"` in an anchor (`<a>`) tag allows a link to be opened in a new browser tab or window.

A malicious website opened through `target="_blank"` can change the `window.opener.location` to a phishing page, potentially misleading users.

This rule enforces the use of `rel="noreferrer"` on links that have the `target="_blank"` attribute. This might not be needed if you target modern browsers, but following it is still recommended as a best practice.

#### Known Limitations{% #known-limitations %}

This rule does not support custom link components without `href`, `target` and `rel` properties.

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```jsx
var Hello = <a target='_blank' href="https://example.com/"></a>
var Hello = <a target={`_blank`} href={dynamicLink}></a>
var Nested = <Link target={'_blank'} href="https://example.com/" />
var Nested = <Link target="_blank" href="https://example.com/" />
```

## Compliant Code Examples{% #compliant-code-examples %}

```jsx
var Hello = <p target={"_blank"}></p>
var Hello = <p target={`_blank`}></p>
var Hello = <a target="_blank" rel="noreferrer" href="https://example.com"></a>
var Hello = <a target="_blank" rel="noopener noreferrer" href="https://example.com"></a>
var Hello = <a target="_blank" href="relative/path/in/the/host"></a>
var Hello = <a target="_blank" href="/absolute/path/in/the/host"></a>
var Hello = <a></a>
```
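
The following is an added example, not part of the Datadog rule or its documentation: a helper that a custom link component could call to apply the same policy at render time. The names `secureLinkProps` and `isExternalHref` are hypothetical, and it assumes, following the examples above, that relative and host-absolute paths are same-site while any other or non-string `href` is external.

```javascript
// Added example: hypothetical helper, not Datadog's rule implementation.
// Returns a copy of anchor props in which external target="_blank" links
// always carry rel="noopener noreferrer".

// True when href may leave the current host. Non-string (dynamic or unknown)
// values are treated as external, like the `href={dynamicLink}` case above.
function isExternalHref(href) {
  if (typeof href !== 'string') return true;
  // Browser URL parsing ignores tabs/newlines and treats "\" like "/" for
  // http(s) URLs, so normalize before classifying.
  const value = href.replace(/[\t\n\r]/g, '').trim().replace(/\\/g, '/');
  if (value.startsWith('//')) return true;       // protocol-relative URL
  return /^[a-z][a-z0-9+.-]*:/i.test(value);     // has a scheme: https:, mailto:, ...
}

function secureLinkProps(props) {
  const target =
    typeof props.target === 'string' ? props.target.trim().toLowerCase() : '';
  if (target !== '_blank' || !isExternalHref(props.href)) {
    return { ...props };                         // nothing to enforce
  }
  // Keep existing rel tokens (e.g. "nofollow"), lower-cased and de-duplicated.
  const tokens = new Set(
    String(props.rel || '').toLowerCase().split(/\s+/).filter(Boolean)
  );
  tokens.add('noopener');
  tokens.add('noreferrer');
  return { ...props, rel: [...tokens].join(' ') };
}
```

In a component this would be used as `<a {...secureLinkProps(props)} />`, so the rendered anchor is safe even when a caller omits `rel`.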