Web developers have been arguing about target="_blank" for as long as HTML link attributes have existed. The attribute forces a link to open in a new browser window or tab — a decision that some designers make for usability reasons and that many users experience as their browser session being hijacked without consent. DisableTarget was the Firefox extension that gave users control back.
Developed as part of the Palancar suite of Firefox extensions (palancar.net), DisableTarget did exactly what its name promised: it stripped target="_blank" and related target attributes from links before the browser acted on them. Click a link, stay in the same tab. Your browsing session, your architecture.
What DisableTarget Was
DisableTarget intercepted link navigation events in Firefox and removed the target attribute from anchor tags, effectively forcing all links to open in the current tab regardless of what the page’s HTML specified.
The extension addressed a genuine user experience grievance. Many websites — particularly news sites, content portals, and early web applications — applied target="_blank" liberally, sometimes to every external link. The result was browser sessions that accumulated dozens of orphaned tabs, with no navigable back-button history from the newly opened tabs. Users who preferred to manage their own tab/window structure had no browser-native way to override this.
DisableTarget was active through the Firefox 2.x and 3.x era, listed on addons.mozilla.org, and referenced in Firefox productivity guides on several prominent technology publications. It was part of a class of “user autonomy” extensions — alongside ad blockers and script blockers — that made Firefox’s extensibility meaningful for privacy and control-focused users.
The extension operated transparently: once installed, it required no configuration. Links simply stopped forcing new tabs.
How It Worked Technically
DisableTarget used Firefox’s XUL overlay system combined with document event listeners. The technical approach had two parts: catching target attributes before they triggered navigation, and handling dynamically loaded content.
The core mechanism was a DOMContentLoaded listener combined with a DOM mutation observer (in later versions) that walked the page’s anchor elements and stripped any target attribute whose value would have caused a new window or tab to open:
// Simplified representation of the approach
document.addEventListener('DOMContentLoaded', function() {
var links = document.getElementsByTagName('a');
for (var i = 0; i < links.length; i++) {
if (links[i].target === '_blank' || links[i].target === '_new') {
links[i].removeAttribute('target');
}
}
}, false);
The extension also needed to handle the window.open() call pattern, which JavaScript-driven links used to bypass the anchor tag entirely. This required intercepting the browser’s window opening mechanism at a lower level — something XUL extensions could do via XPCOM but that WebExtensions handle differently.
The XUL extension architecture ran with elevated privileges inside Firefox’s own process, making this kind of low-level DOM and navigation interception straightforward. Extensions were essentially trusted plugins rather than sandboxed scripts.
A good technical archive of this era’s extension development model is available on web.archive.org.
The target="_blank" Problem Today
The target="_blank" debate never fully resolved. What did change is the security framing.
In 2017, security researchers documented that target="_blank" without rel="noopener" created a cross-origin access vulnerability: the newly opened tab could access the window.opener property of the originating tab, potentially allowing the new page to navigate the original tab (a technique used in phishing attacks). This is sometimes called “tab-napping.”
Major browsers eventually patched this by making rel="noopener" the implicit default for target="_blank" links — Chrome did so in version 88 (2021), Firefox followed. The security issue is largely resolved in modern browsers.
But the user control issue — whether links should be able to force new tabs — was never really addressed by browser vendors as a first-class setting. Users who don’t want new tabs opened still have to manage this themselves.
Why It Was Discontinued
DisableTarget’s discontinuation followed the same pattern as most XUL-era extensions. The Firefox Quantum release (version 57, November 2017) dropped XUL/XPCOM extension support entirely. Extensions that hadn’t migrated to the WebExtensions API stopped functioning.
Palancar’s extensions were personal developer tools maintained as open-source contributions rather than commercially supported software. The migration effort required rewriting the extension from scratch in the new API format — a significant investment for a tool that had already served its purpose for the developer.
Additionally, browsers had become slightly better at managing this themselves. Firefox’s “Open Link in Current Tab” option from the context menu gave users a workaround, even if it wasn’t the automatic behavior DisableTarget provided.
What Replaced It
The behavior DisableTarget provided is now available through multiple WebExtension alternatives, as well as partially through browser settings.
Modern WebExtension equivalents:
- Disable Target Blank — several extensions on addons.mozilla.org replicate the core functionality using the modern API, injecting content scripts that strip
targetattributes - Link Target and Rel — provides configurable control over link target behavior
Browser-native alternatives:
Firefox’s browser.link.open_newwindow and browser.link.open_newwindow.restriction preferences (accessible via about:config) give granular control over what happens when a link specifies a new window or tab. Setting browser.link.open_newwindow to 1 forces all such links into the current tab:
browser.link.open_newwindow = 1
browser.link.open_newwindow.restriction = 0
This is effectively the browser-native version of what DisableTarget did — though it requires a about:config edit rather than a simple extension install.
If You’re Building Something Similar Today
The modern WebExtensions approach uses a content script injected into all pages:
// content.js — injected into all pages via manifest.json
function stripTargetAttributes() {
document.querySelectorAll('a[target="_blank"], a[target="_new"]').forEach(link => {
link.removeAttribute('target');
});
}
// Handle initial page load
document.addEventListener('DOMContentLoaded', stripTargetAttributes);
// Handle dynamically added content
const observer = new MutationObserver(() => stripTargetAttributes());
observer.observe(document.body, { childList: true, subtree: true });
The manifest needs:
{
"content_scripts": [{
"matches": ["<all_urls>"],
"js": ["content.js"],
"run_at": "document_start"
}]
}
The permission to inject into all pages requires the <all_urls> host permission, which modern browsers flag with a warning to users during installation. The WebExtensions content scripts documentation covers this in detail.
Note that window.open() calls from JavaScript cannot be intercepted by a content script alone — that requires background script handling via the webNavigation API and is considerably more complex. Most modern equivalents focus on anchor tag stripping, which covers the majority of real-world cases.
A Persistent Problem
DisableTarget solved a problem that browsers never fully addressed as a native user preference. The security risk of target="_blank" got fixed; the user experience issue of forced tab opening did not. Users who want every link to stay in the current tab still need an extension to enforce that preference.
That’s actually a reasonable scope for an extension. Not every user preference should be a browser setting. DisableTarget was a clean, single-purpose tool that did exactly one thing, did it transparently, and asked nothing of the user after installation. It’s a good model for what a simple browser extension should be.
The original palancar.net extension page is preserved at web.archive.org.