Image links opening new windows do not get rel=nooopener security feature

[aardrian]

Describe the bug
If I add a link to an image that opens in a new window, it does not get the rel="noreferrer noopener" attribute.

To reproduce
Steps to reproduce the behavior:

1. Go to https://wordpress.org/gutenberg/
2. Add an image or choose an existing image.
3. Make the image a hyperlink to an off-site URL.
4. Choose to Open in New Tab.
5. Change to Edit as HTML.

Expected behavior
As with text links that open new windows, rel="noreferrer noopener" should be added to the link (since it has target="_blank"). It does not have the attribute.

Eg (screen shots below):

<a href="https://example.com/" target="_blank"><img src="https://www.fillmurray.com/300/200" alt=""/></a>

Screenshots

Desktop

• OS: Windows
• Browser: Firefox 72, Chrome 79

[ehti]

Hey @aardrian,

After adding the link, if you check on the frontend, the rel="noopener noreferrer" attribute is actually there. Or even if you refresh the editor after saving/updating, you'll see it there.

The issue seems to be that if you immediately check its HTML source, yes, it doesn't show up in the editor. The related issue for it is #9731 so closing this one.

Thank you!