Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Using target _blank is not safe. See more info here: https://web.dev/external-anchors-use-rel-noopener
Proposed resolution
Adding rel noopener when adding a target _blank.
Comment | File | Size | Author |
---|---|---|---|
#16 | 3299750-16.patch | 3.68 KB | Anybody |
Issue fork link_attributes-3299750
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #2
guardiola86 CreditAttribution: guardiola86 commentedComment #4
anoopsingh92Hi @guardiola86, I am reviewing the #2 patch. Thank you
Comment #5
anoopsingh92Hi @guardiola86, Getting this when I apply the #2 patch.
Comment #6
larowlanWe should check there's not already a value set in case someone wants to override it manually
Comment #7
AnybodyInteresting learning! I didn't know this yet. Cool!
Agree with #6 and this should be done as MR, please.
@guardiola86 @anoopsingh92 would you do that?
Comment #9
anoopsingh92I have done @Anybody, Please review the Merge request !6
Thanks
Comment #10
Anybody@anoopsingh92 thank you! Still needs the additional check from #6.
Comment #12
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedAdded an empty check, please review.
Comment #13
AnybodyThanks @Grevil, looks good! I think to be 100% safe we should have a simple test here for both values to be present, if
target="_blank"
is selected.If that goes green, RTBC from my side. Code LGTM already!
Comment #14
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commented@Anybody, I agree! Furthermore, we should allow testing inside issues, as the first patch applied here failed.
Comment #15
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedDone, please review, tests should be green now.
Comment #16
AnybodyTesting seems to work with patch files here manually, not with MR's. Let's try! :)
Comment #17
AnybodyCode LGTM and tests pass, thank you @Grevil! RTBC! Let's see what @larowlan says.
Comment #18
larowlanThis is looking good, can we add an extra test case for when target is blank, but a value of rel is already set?
Thanks!
Comment #19
Anybody@larowlan totally makes sense! @Grevil could you add that one please? Shouldn't be too hard anymore, I hope.
Comment #20
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedDone, please review!
Comment #21
AnybodyNice work @Grevil, this proves that the value is "nofollow" and even with target="_blank" is not "noopener"!
The comment is also important here. Thanks!
Comment #22
AnybodyFYI: https://developer.chrome.com/docs/lighthouse/best-practices/external-anc...
So changing this to minor. @larowlan should decide if we should do this anyway or keep it as it was before and let the browsers do their work.
Perhaps @guardiola86 could check this for the major browsers: Firefox, Safari, Edge?
Comment #23
Anybody@larowlan as of #22 I'd vote to set this won't fix and leave it to the browsers.
If you'd like to add this anyway, it's RTBC'd and fine, I think.
Comment #24
larowlanYes, if we can confirm Firefox is the same, I'd prefer to close this as is and avoid the extra complexity
Comment #25
larowlanComment #26
Grevil CreditAttribution: Grevil as a volunteer and at DROWL.de commentedYes, I can confirm, that Firefox also has this feature implemented in their 79 release! See https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/79#html
I guess I will set this "RTBC" to confirm that this can be closed?
Comment #27
AnybodyThanks @Grevil, so I'll set it won't fix as of #24
Comment #28
larowlanThanks!