Closed petetnt closed 7 years ago
Hey,
Thanks for your contribution!
I think rel='noopener
is only necessary if the target's value is _blank
.
What do you think?
Hey @srenault,
Yep, it's only needed for blank
. However it doesn't matter much as for the other values (_self
, _top
, _parent
) the window.opener
is null anyway so noopener
doesn't do anything special., so it might be just simpler (and safer) to add noopener
anyways.
This PR adds
rel='noopener'
to links that might containtarget='_blank'
attribute.The
rel='noopener'
attribute prevents possible trivial phishing caused by exposedwindow.opener
. For more information see https://mathiasbynens.github.io/rel-noopener/Signed-off-by: petetnt pete.a.nykanen@gmail.com