add rel="noopener noreferrer" to links for security #6
Conversation
add rel="noopener noreferrer" to links for security
|
I am not using site-kit yet but really this should go in Line 53 rather than line 60 as it is only necessary for target blank. So Line 53: target_attr = ' target="_blank"';...would become... target_attr = ' target="_blank" rel="noopener noreferrer"';...and line 60 could revert to: return `<a href="${href}"${target_attr}${title_attr}>${text}</a>`;I could add the commit if you want to add me as a collaborator on your fork, but probably just as easy to do yourself, your call. |
|
That said, I question the use of target blank. I see it as part of a hostile user experience pattern that breaks the back button. Further reading, if so inclined... Usability: Security: |
|
@rdela target blank is probably a separate issue and should be raised as such |
add rel="noopener noreferrer" to links for security
lighthouse caught this, i assume you know what it is already but let me know if a further justificaiton is needed