mozilla / http-observatory

Mozilla HTTP Observatory
https://observatory.mozilla.org/
Mozilla Public License 2.0

detection of rel="noopener noreferrer" on target="_blank" links #217

Open april opened 7 years ago

april commented 7 years ago

Hi there,

I wonder if it would be possible to add a test that detects whether every link with target="_blank" also has rel="noopener noreferrer"? (See https://mathiasbynens.github.io/rel-noopener/ for an example of the security issue that it creates.)

Thanks a lot for reading this ;) Nicolas

Moved from: https://github.com/mozilla/http-observatory-website/issues/94

april commented 7 years ago

Not a bad idea, I'll add it to the list. :)

Malvoz commented 5 years ago

Note that rel="opener" is a new link relation (rel is also supported in the <form> element now, if that'd matter for how the check is implemented).

Additionally, this is related to https://github.com/mozilla/http-observatory/issues/359.

Malvoz commented 5 years ago

Actually, noopener should be the default in browsers per https://github.com/whatwg/html/pull/4330/files, so I suppose you'd perhaps want to give a negative score for rel="opener" instead of giving a positive score for rel="noopener".
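
A sketch of the check discussed in this thread, added here as an example and not code from http-observatory: it flags target="_blank" on `<a>`, `<area>` and `<form>` that carries neither noopener nor noreferrer, and flags an explicit rel="opener". The `audit` function, the finding names and the sample markup are hypothetical, and treating either noopener or noreferrer as sufficient is an assumption based on noreferrer implying noopener in the HTML standard.

```python
from html.parser import HTMLParser

# Elements checked; <form> is included because the thread notes that
# rel is now supported on it as well.
CHECKED_TAGS = {"a", "area", "form"}
SAFE_TOKENS = {"noopener", "noreferrer"}  # noreferrer implies noopener


class BlankTargetAudit(HTMLParser):
    """Collects (line, tag, finding) tuples for links that open a new context."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in CHECKED_TAGS:
            return
        attr = {k: (v or "") for k, v in attrs}
        # rel is a space-separated, case-insensitive token list.
        rel = set(attr.get("rel", "").lower().split())
        line = self.getpos()[0]
        if rel & SAFE_TOKENS:
            return  # opener is severed explicitly, in old and new browsers
        if "opener" in rel:
            # Explicit opt-in to window.opener: the negative-score case.
            self.findings.append((line, tag, "rel-opener"))
        elif attr.get("target", "").lower() == "_blank":
            # Safe only where the browser already defaults to noopener.
            self.findings.append((line, tag, "blank-without-noopener"))


def audit(html):
    """Return the findings for one HTML document, in document order."""
    parser = BlankTargetAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup, not taken from any real site.
SAMPLE = """<a href="https://example.com/a" target="_blank">bare</a>
<a href="https://example.com/b" target="_blank" rel="noopener noreferrer">ok</a>
<a href="https://example.com/c" target="_blank" rel="NoReferrer">ok</a>
<a href="https://example.com/d" target="_blank" rel="opener">opt-in</a>
<form action="/search" target="_BLANK"></form>
<a href="/local">same tab</a>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
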