URL watcher notification improvements

[afercia]

After recent changes to the URL watcher notification, see #10089, there's room for a couple improvements:

See https://github.com/Yoast/wordpress-seo/blob/6de0ff3d2b9f65e0adc92b9ce6a57703810cfe41/admin/watchers/class-slug-change-watcher.php#L218-L220

• Yoast SEO Premium shouldn't be translatable (2 occurrences)
• the link with target="_blank" should at least inform users it's going to open a new browser's tab
• to evaluate: should the link also use a rel="noopener noreferrer" or maybe just rel="noopener"?

[jonoalderson]

As a universal rule, links which resolve to yoast.com properties should not use noopener or noreferrer.

[afercia]

Re: Yoast SEO Premium, seems there's one more occurrence where it's translatable, in admin/class-help-center.php:

'linkText' => __( 'Get Yoast SEO Premium now »', 'wordpress-seo' )

As far as I see, all the other occurrences are OK.

[afercia]

@jono-alderson thanks. Does noopener affects tracking or statistics in any way? Asking because there's a serious security reason to use noopener (exploitation of the window.opener API.), while 'noreferrer' is used for old browsers (they have many other security issues, so maybe it's a bit pointless). If noopener doesn't create issues, I'd strongly recommend to use it.

[jonoalderson]

Yup, it nukes tracking. But we're linking to a trusted source (yoast.com).

[afercia]

Note: worth noting Gutenberg adds rel="noopener noreferrer" by default to all the links with a target="_blank" attribute, to match what TinyMCE does by default.

[afercia]

It was decided the new pattern to use is:

• use noopener for all the non-yoast.com external links
• omit it for the yoast.com links (including shortened links)

noreferrer is redundant, especially after https://core.trac.wordpress.org/changeset/41741 https://core.trac.wordpress.org/ticket/42036