I was hoping to have some code in place to prevent phishing attacks, by adding rel="noopener and noreferrer" when adding target="_blank".
I'm not exactly an amazing javascript developer, but I figured submitting a patch is probably better than not submitting one, so here's hoping this isn't awful.
It shouldn't override any other rel values already set by the user.
Edit: It occurred to me that I should probably add an explanation and example.
Comment | File | Size | Author |
---|---|---|---|
#8 | extlink-secure-target-blank-2792603-8.patch | 1.37 KB | kulonlz |
#2 | 2792603-1.patch | 1.24 KB | kulonlz |
Comments
Comment #2
kulonlz CreditAttribution: kulonlz as a volunteer commentedComment #3
kulonlz CreditAttribution: kulonlz as a volunteer commentedComment #5
elachlan CreditAttribution: elachlan commentedThanks for the patch, the example was very helpful.
Comment #6
elachlan CreditAttribution: elachlan commentedCould you also do a patch up for 8.x?
Comment #7
kulonlz CreditAttribution: kulonlz as a volunteer commentedSure thing. :-)
Comment #8
kulonlz CreditAttribution: kulonlz as a volunteer commentedShould be better naming convention for this one.
Comment #9
kulonlz CreditAttribution: kulonlz as a volunteer commentedIs there a reason this (see code below) is added twice for 8.x? Also, would you prefer a separate issue for the 8.x patch?
if(drupalSettings.data.extlink.extTarget)
Comment #10
elachlan CreditAttribution: elachlan commentedYou can create a separate issue if you wish.
Normally we do changes to the newest version (8.x) first then backport it.
Comment #11
kulonlz CreditAttribution: kulonlz as a volunteer commentedWill do. Thank you for taking the time to answer me.
In my defense, that was the newest version at the time. :-)
Comment #12
elachlan CreditAttribution: elachlan commented