One recommendation that Google’s Lighthouse audits recommend is that
rel="noopener" be added to any external links. There’s an entire article explaining why this is a positive move for both security and performance.
I initially couldn’t figure out how best to do this, but it turns out it’s really simple. CommonMark enables you to specify and register custom renderers and they even have an example of one for adding a class to external links. All I needed to do was slightly modify this to add the
rel="noopener" attribute and I was away.
Posting this here, because when I searched I couldn’t find anything interesting about CommonMark, PHP, and
noopener so I hope it might help someone else.