publiclab / plots2

a collaborative knowledge-exchange platform in Rails; we welcome first-time contributors! :balloon:
https://publiclab.org
GNU General Public License v3.0
956 stars 1.83k forks

Links to cross-origin destinations are unsafe #7410

Open vinitshahdeo opened 4 years ago

vinitshahdeo commented 4 years ago
<a class="nav-link" target="_blank" href="//store.publiclab.org" >

When you link to a page on another site using the target="_blank" attribute, you can expose your site to performance and security issues:

Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.

noreferrer: It is used to specify that the browser should not send an HTTP referer header if the user follows the hyperlink.

sakshi-2412 commented 2 years ago

I would like to work on this issue. This should be done for every link tag with the target="_blank" attribute, right?

sakshi-2412 commented 2 years ago

@govindgoel can you confirm please. Thanks!

govindgoel commented 2 years ago

@sakshi-2412 I think we can check whether it has been done before or not, else work on this. Thanks

sakshi-2412 commented 2 years ago

Yes, I checked, and rel="noreferrer" is not added for almost all of the link tags with the target="_blank" attribute. I'll make a PR soon. Thanks ✨
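
Added example (not part of the thread and not plots2 code): a Ruby script for the audit discussed above, listing literal `<a>` tags in a template that set target="_blank" without rel="noopener" or rel="noreferrer". The sample template is constructed, apart from its first line, which is the link quoted in the issue; the function and constant names are assumptions, and Rails `link_to` helpers are not covered.

```ruby
# Opening <a ...> tag. ERB tags (<% ... %>) inside it are consumed as a unit
# so that their closing "%>" does not end the match early.
ANCHOR_TAG = /<a(?=[\s>])(?:<%.*?%>|[^>])*>/mi
# name, then an optional double-quoted, single-quoted or bare value.
ATTR = /([\w:-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/
SAFE_REL = %w[noopener noreferrer].freeze

# Parses the attributes of one opening tag into a hash (names lowercased).
# ERB is replaced by a placeholder first, because quotes inside ERB would
# otherwise break quoted-value parsing. The first duplicate attribute wins,
# as it does in browsers.
def tag_attributes(tag)
  body = tag.gsub(/<%.*?%>/m, 'ERB').sub(/\A<a/i, '')
  body.scan(ATTR).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] ||= dq || sq || bare || ''
  end
end

# Returns one { line:, tag: } hash per anchor that opens a new browsing
# context (target="_blank") with neither noopener nor noreferrer in rel.
def unsafe_blank_links(text)
  findings = []
  pos = 0
  while (m = ANCHOR_TAG.match(text, pos))
    attrs = tag_attributes(m[0])
    rel = attrs.fetch('rel', '').downcase.split
    if attrs['target'].to_s.casecmp?('_blank') && (rel & SAFE_REL).empty?
      findings << { line: text[0...m.begin(0)].count("\n") + 1, tag: m[0] }
    end
    pos = m.end(0)
  end
  findings
end

# Constructed sample template; only the first line comes from the issue.
SAMPLE = <<~'HTML'
  <a class="nav-link" target="_blank" href="//store.publiclab.org" >Store</a>
  <a target="_blank" rel="noopener" href="https://example.org">ok</a>
  <a href="<%= url_for(@node) %>" target="_blank">ERB href</a>
  <a href="/about?target=_blank">same tab</a>
  <a target="_blank" rel="nofollow" href="https://example.com">nofollow only</a>
HTML

if __FILE__ == $PROGRAM_NAME
  unsafe_blank_links(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:tag]}" }
end
```

To audit a real view, pass `File.read(path)` to `unsafe_blank_links` for each template file.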