Support Thread

In Forum Linking Dont Open Link In New Window

In Forum Linking Dont Open Link In New Window — APG vNext Guide

In Forum Linking Dont Open Link In New Window — an archived discussion from the APG vNext support community.

About This Topic

This thread covers in forum linking dont open link in new window in the context of APG vNext, the ASP.NET forum and community platform. The community includes APG developers and experienced administrators who can help with similar questions.

APG vNext Support

Controlling Link Behaviour in APG vNext Forum Posts

The default APG vNext link handling distinguishes between internal links (URLs within the same domain as the forum) and external links (URLs pointing to other domains). Internal links open in the same tab by default since navigating to another page on the same site does not interrupt the user's workflow. External links can be configured to open in a new tab by setting the default external link target, which prevents users from accidentally navigating away from the forum when following an external reference link.

Configuring Default External Link Behaviour

Configure default external link behaviour in Admin Panel → Settings → Content → External Links. Options include: Same Tab (all links open in the current tab), New Tab (all external links open a new tab and include rel=noopener noreferrer for security), and User Choice (members can choose per link in the post editor). The recommended setting for most communities is New Tab for external links — it keeps members on the forum while allowing them to reference external content, which reduces the bounce rate for external link clicks.

Security Implications of target=_blank

When an external link opens in a new tab using target="_blank", the new tab has access to the opener page's Window object via window.opener by default in older browsers. This creates a security vulnerability where a malicious external page could navigate the opener forum tab to a phishing page. APG vNext prevents this by automatically adding rel="noopener noreferrer" to all external links with target="_blank". The noopener attribute breaks the opener reference in all modern browsers, while noreferrer additionally prevents the Referer header from being sent to the external site (protecting member privacy by not revealing which forum page they linked from).

Overriding Link Target Per Post

Members with the HTML editor capability can override the default link target on individual links by adding or removing the target attribute in the HTML source view of the post editor. For example, to force a link to open in the same tab even if the forum default is set to new tab for external links, add target="_self" explicitly. APG vNext's HTML sanitiser allows the target attribute on anchor tags but strips target values other than _blank and _self to prevent member-authored links from targeting specific named frames.

Indicating External Links Visually

Many forum themes use a small external link icon (↗) appended to external link text to visually signal to readers that clicking will open a new tab. APG vNext supports this via a CSS pseudo-element in the theme stylesheet rather than JavaScript injection, which is faster and works even before JavaScript loads. Add the following to the theme CSS to append an external link icon to all links with target=_blank:

a[target="_blank"]::after {
  content: " ↗";
  font-size: 0.75em;
  opacity: 0.6;
}

Related Resources

Member Education on Link Targets

New members unfamiliar with forum posting conventions may be surprised when clicking a link in a post opens a new tab unexpectedly. Add a brief note to the community guidelines (posted in the Getting Started forum category) explaining the forum's link behaviour: external links open in a new tab to keep you on the forum, while internal links open in the same tab. This transparency reduces confusion and support questions about unexpected browser behaviour. For communities whose members frequently share code repositories, documentation, and external resources, explicitly explaining the external link policy as a feature rather than a bug helps members understand the intent and appreciate that the forum is designed to keep their workflow continuous.

APG vNext Link Sanitisation and Allowed Protocols

APG vNext's HTML sanitiser restricts link protocols to a safe allowlist to prevent javascript: protocol links (XSS via link), data: protocol embeds, and other potentially dangerous URI schemes. The default allowed link protocols are http, https, ftp, mailto, and tel. Links with any other protocol are either stripped or converted to plain text during the sanitisation pass. If your community has a specific use case that requires a non-default protocol (e.g., slack:// deep-links or ms-teams:// protocol links for corporate communities), add the protocol to the allowed list in Admin Panel → Settings → Content → Allowed Link Protocols. Be cautious about adding custom protocols — validate that they cannot be used for XSS or social engineering attacks before adding them to the allowlist.


Looking for more help? Browse the support forum or check the Knowledge Base.