rubocop / rubocop-rails

A RuboCop extension focused on enforcing Rails best practices and coding conventions.
https://docs.rubocop.org/rubocop-rails
MIT License

Disable Rails/LinkToBlank, because it is outdated #1294

Open runephilosof-abtion opened 3 months ago

runephilosof-abtion commented 3 months ago

This is only a vulnerability in browsers that are over three years old.

https://github.com/rubocop/rubocop-rails/blob/202d8c1bde34b8a6cf72e8378ef933442c2701a2/config/default.yml#L653

From https://mathiasbynens.github.io/rel-noopener/

2021 update: Browsers now implicitly set rel=noopener for any target=_blank link, following a spec change. If the demo on this page no longer seems scary, congratulations — you’re using a modern browser!

So the cop should be disabled.

Earlopain commented 2 months ago

3 years doesn't seem that long ago; an update to the cop's documentation pointing this out seems more appropriate.

runephilosof-abtion commented 2 months ago

I don't think we should be encouraging developers to litter their code with rel=noopener to make it safer for users running three-year-old browsers. Users with such old browsers have a ton of remote code execution bugs in their browsers, so whether or not rel=noopener is there won't make a big difference to them.

Earlopain commented 2 months ago

There's no doubt that users with old browsers have a plethora of issues and really should update. For me there are still a good chunk that don't do that for one reason or another. I can't tell what the consequences would be for those if this is disabled. If it does anything at all, I'd prefer to keep it.

That's just my personal opinion, I don't know when a good point would be to disable this. Maybe now, maybe a year ago already, or just 5 years in the future. :shrug:
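
An added example, not part of the thread and not rubocop-rails code: a small Ruby audit of rendered HTML that separates `target="_blank"` links with an explicit `rel` from those that rely on the browser default quoted in the first post. The function names and sample markup are constructed for illustration; it assumes the HTML rules that `noreferrer` implies `noopener` and that `rel="opener"` switches the implicit default off.

```ruby
# Added example (not rubocop-rails code): audit rendered HTML for target="_blank" links.
# Assumption: regex attribute parsing is enough for simple markup; this is not a full HTML parser.

ANCHOR = /<a\b([^>]*)>/i
ATTR   = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Returns { attribute name (lowercased) => value } for the inside of one <a ...> tag.
def anchor_attrs(tag_body)
  tag_body.scan(ATTR).to_h { |name, dq, sq, bare| [name.downcase, dq || sq || bare] }
end

# Classifies one anchor:
#   :not_blank        - does not use target=_blank
#   :explicit         - rel has noopener or noreferrer; covered in old and new browsers
#   :browser_default  - no rel protection; covered only where the browser implies noopener
#   :opener_requested - rel=opener turns the implicit default off; window.opener is exposed
def classify(attrs)
  return :not_blank unless attrs['target'].to_s.casecmp?('_blank')

  rel = attrs['rel'].to_s.downcase.split
  return :explicit if rel.include?('noopener') || rel.include?('noreferrer')
  return :opener_requested if rel.include?('opener')

  :browser_default
end

# Returns [[href, classification], ...] for every target=_blank anchor in the document.
def audit(html)
  html.scan(ANCHOR).filter_map do |(body)|
    attrs = anchor_attrs(body)
    kind = classify(attrs)
    [attrs['href'], kind] unless kind == :not_blank
  end
end

# Constructed sample markup.
SAMPLE = <<~HTML
  <a href="https://a.example" target="_blank">plain</a>
  <a href="https://b.example" target="_blank" rel="noopener">safe</a>
  <a href='https://c.example' target=_blank rel="nofollow noreferrer">safe too</a>
  <a href="https://d.example" target="_blank" rel="opener">opted out</a>
  <a href="/local">same tab</a>
HTML

audit(SAMPLE).each { |href, kind| puts format('%-20s %s', href, kind) } if $PROGRAM_NAME == __FILE__
```

Links reported as `:browser_default` are the ones whose protection depends on the visitor's browser version, which is the population the cop's `rel: 'noopener'` requirement would otherwise cover.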