When opened from the webapp, a malicious target page could trigger
navigation in the KeeWeb's tab using `window.opener`.
The proper way to fix this would be using `rel=noopener`, but
unfortunately even the latest versions of IE do not support it.
At the same time `rel=noreferrer`, for historical reasons, implies
`rel=noopener` when used with `target=blank` and is supported
by IE11 (in later versions of Windows 10) and Edge.
More details and examples of the attack
at [Mathias Bynens' website](https://mathiasbynens.github.io/rel-noopener/).