Make WordPress Core


Ignore:
Timestamp:
10/16/2018 04:12:21 AM (6 years ago)
Author:
peterwilsoncc
Message:

Formatting: Add pre-save content filter to make target=_blank always secure.

Props notnownikki, iseulde, azaozz.
Merges [42770] to the 5.0 branch.
Fixes #43187.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/5.0/tests/phpunit/tests/rest-api/rest-posts-controller.php

    r43727 r43732  
    29252925                    ),
    29262926                    'content' => array(
    2927                         'raw'      => '<a href="#" target="_blank">link</a>',
    2928                         'rendered' => '<p><a href="#" target="_blank">link</a></p>',
     2927                        'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
     2928                        'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
    29292929                    ),
    29302930                    'excerpt' => array(
    2931                         'raw'      => '<a href="#" target="_blank">link</a>',
    2932                         'rendered' => '<p><a href="#" target="_blank">link</a></p>',
     2931                        'raw'      => '<a href="#" target="_blank" rel="noopener noreferrer">link</a>',
     2932                        'rendered' => '<p><a href="#" target="_blank" rel="noopener noreferrer">link</a></p>',
    29332933                    ),
    29342934                )
Note: See TracChangeset for help on using the changeset viewer.