Billions of links across the web—yeah, that’s Web Almanac’s count from last year—still hammer target=_blank on every outbound URL.
Why?
Look. Before HTML5 crashed the party, devs built SPAs with framesets. Ugly grids splitting your browser window into named boxes. Sidebar frame: name=”sidebar”. Main content: name=”content”. Click a link? Browser shuffles the href into the right frame via target=”content”.
Simple enough. But here’s the hack that stuck.
Framesets: Web’s Cringiest Chapter
Framesets. God, what a mess. Each frame got a unique name—no duplicates, or chaos. Want a link to bust out? No frame called “blank”? Browser spins up a new window, dubs it “blank”.
Devs hated frames—slow, SEO poison, usability nightmare. Yet they birthed this idiom.
Before HTML5, developers used frameset for SPA-like functionality, dividing the window into multiple frames, each with its own unique name.
Spot on. That quote nails it. Frames demanded names. Real, unique ones.
But “blank”? Nah. Too generic. Could clash. So underscore it: blank. Special sauce. Browser code sniffed the leading , screamed “magic! Open new tab, no frame BS.”
Clever? Sure. Lazy? Absolutely.
Why the Underscore in target=_blank?
Underscore screams “reserved.” Like file names dodging spaces. Here, it’s browser voodoo.
No _? Hunt for frame by that name. _ prefix? Specials only: _self (current), _parent (up), _top (topmost), _blank (new).
Clicking a link in sidebar, would load content in content frame:
Exactly. target=”content”—frame hunt. target=”_blank”—boom, fresh tab.
And if your frameset had a frame named “blank”? Tough luck, it loaded there. _blank fixed that. No collisions.
Underscore: dev’s middle finger to naming wars.
Does target=_blank Still Haunt Us?
Hell yes. Security headaches—blank tabs inherit referrer, cookies. Clickjacking bait. Yet we slap it everywhere.
My hot take? Unique insight time. This is web’s blink tag 2.0. Remember ? Deprecated, laughed off. target=_blank lingers because laziness > standards. Prediction: By 2030, browsers force rel=”noopener noreferrer” mandates, or W3C axes the specials. Shadow DOM and iframes already mock-frame us cleaner.
But corporate PR spins it eternal. “User choice!” Yeah, right. It’s inertia.
Framesets died in HTML5—strict DOCTYPE killer. Good riddance. SPAs now? React routers, no frames needed.
Still, that _blank echoes. Every popup ad, every affiliate link.
Pathetic.
The _blank Security Trap
Open _blank sans noopener? Parent window vulnerable. Script from child grabs control. Basic exploit.
Add rel=”noopener”. Fixes it. But 70% of sites forget—State of JS survey vibes.
And _blank slows tabs. Resource hog. Multitaskers hate it.
Why cling? Muscle memory. Tutorials from 2005.
Why Does This Matter for Developers?
You’re building a SaaS dashboard. External doc link? _blank or bust—users expect new tab.
But think. Progressive enhancement. window.open() as fallback. Or just let users middle-click.
History matters. Underscore reminds: web’s a junk drawer of hacks. Clean it.
Frameset parallel? Like COBOL in banks. Ancient, embedded, undeletable.
Dry laugh: We’re all frameset devs now.
Modern Alternatives That Don’t Suck
Use for files. Fetch API for blobs.
SPAs? Router.push, no reloads.
Iframes? sandbox=”allow-scripts”—safer than _blank wild west.
But _blank? Zombie API. Undead.
🧬 Related Insights
- Read more: Sweden’s $137M Revolt: Ditching iPads for Pencils in Every Classroom
- Read more: Prompt Chains Are Breaking AI Agents: ORCA’s Structured Fix Takes Aim
Frequently Asked Questions
What does target=_blank actually do?
Opens link in new tab/window. That leading _ makes it special—no frame search.
Why underscore in target=_blank not just blank?
Prevents clash with real frame names like “blank”. _ signals browser magic.
Is target=_blank safe to use in 2024?
Nope, without rel=”noopener noreferrer”. Sec hole otherwise.
