Make WordPress Core


Ignore:
Timestamp:
10/16/2018 04:12:21 AM (6 years ago)
Author:
peterwilsoncc
Message:

Formatting: Add pre-save content filter to make target=_blank always secure.

Props notnownikki, iseulde, azaozz.
Merges [42770] to the 5.0 branch.
Fixes #43187.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/tests/phpunit/tests/rest-api/rest-attachments-controller.php

    r43727 r43732  
    940940                    ),
    941941                    'description' => array(
    942                         'raw'      => '<a href="#" target="_blank">link</a>',
    943                         'rendered' => '<p><a href="#" target="_blank">link</a></p>',
     942                        'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
     943                        'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
    944944                    ),
    945945                    'caption' => array(
    946                         'raw'      => '<a href="#" target="_blank">link</a>',
    947                         'rendered' => '<p><a href="#" target="_blank">link</a></p>',
     946                        'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
     947                        'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
    948948                    ),
    949949                )
Note: See TracChangeset for help on using the changeset viewer.