diff --git a/core/js/public/comments.js b/core/js/public/comments.js
index 955e88c8609251638dfe4382e9735c879f977288..ac0bf8e0ab7aaae034fb73f42f763b4b5bb767e2 100644
--- a/core/js/public/comments.js
+++ b/core/js/public/comments.js
@@ -43,7 +43,7 @@
 				}
 
 				var linkText = url.replace(self.protocolRegex, '');
-				return '<a class="external" target="_blank" href="' + url + '">' + linkText + '</a>';
+				return '<a class="external" target="_blank" rel="noopener noreferrer" href="' + url + '">' + linkText + '</a>';
 			});
 		},