The title is a bit of an exaggeration, but it’s partly true if you don’t use the correct properties in your HTML elements.
In HTML, you should be using
rel="noopener noreferrer" along with
target="_blank" in your
<a> tags - if not, you run major security risks. This GitHub Pages site shows you how: https://apal21.github.io/target-blank/
Many linters will catch this if it’s not set, so make sure that you’re using a linter when you write your code.