diff --git a/frontend/src/app/util/dom.cljs b/frontend/src/app/util/dom.cljs
index a170481fc..b6c50eb1b 100644
--- a/frontend/src/app/util/dom.cljs
+++ b/frontend/src/app/util/dom.cljs
@@ -399,7 +399,9 @@
 ([uri]
 (open-new-window uri "_blank"))
 ([uri name]
- (js/window.open (str uri) name)))
+ ;; Warning: need to protect against reverse tabnabbing attack
+ ;; https://www.comparitech.com/blog/information-security/reverse-tabnabbing/
+ (.open js/window (str uri) name "noopener,noreferrer")))

 (defn browser-back
 []
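Review bot: With `noopener` in the features string (`noreferrer` implies it as well), `window.open` returns null, so the `[uri name]` arity of `open-new-window` now yields nil where it used to return the window handle. The callers and the start of the `defn` are outside this hunk, so any caller that keeps the handle to focus, close or poll the new window should be checked. The added comment also reads like an open TODO although the mitigation sits on the very next line; wording such as `;; noopener,noreferrer: opened page gets no window.opener (reverse tabnabbing) and no Referer` would state what the call guarantees. `noreferrer` also suppresses the Referer header, which is worth a word if any target opened through this helper relies on it.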