Add rel="noopener noreferrer" to external links #3175
Conversation
It is more secure to add `rel="noopener noreferrer"` to links with `target="_blank"`.
tvdeyen
added
backport-to-7.1-stable
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3175 +/- ##
=======================================
Coverage 96.58% 96.59%
=======================================
Files 236 237 +1
Lines 6360 6371 +11
=======================================
+ Hits 6143 6154 +11
Misses 217 217 ☔ View full report in Codecov by Sentry. |
| target: (ingredient.link_target == "blank") ? "_blank" : nil, | ||
| data: {link_target: ingredient.link_target.presence} | ||
| rel: link_rel_value(target), | ||
| target: |
There was a problem hiding this comment.
When a link's target attribute is set to blank (without an underscore), clicking the link twice will open it twice in the same window. However, when the target is set to _blank (with an underscore), clicking twice will open the link in two separate new windows.
The _blank behavior is more predictable and is what users typically expect. Looking at line 51 of the code, it appears Alchemy is saving the value as "blank" (without the underscore), though I'm not certain if this is the intended behavior.
| REL_VALUE = "noopener noreferrer" | ||
|
|
||
| def link_rel_value(target) | ||
| if target == "_blank" |
There was a problem hiding this comment.
| if target == "_blank" | |
| if target == "_blank" || target == "blank" |
What is this pull request for?
It is more secure to add
rel="noopener noreferrer"to links withtarget="_blank".