Make WordPress Core


Ignore:
Timestamp:
10/19/2020 11:37:53 PM (4 years ago)
Author:
SergeyBiryukov
Message:

General: Remove noreferrer from wp_targeted_link_rel() and other uses.

When noopener noreferrer was originally added in #37941 and related tickets, the noreferrer bit was specifically included due to Firefox not supporting noopener at the time.

Since noopener has been supported by all major browsers for a while, it should now be safe to remove the noreferrer attribute from core.

Props Mista-Flo, audrasjb, joostdevalk, jonoaldersonwp, peterwilsoncc, elgameel.
Fixes #49558.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/formatting/WPTargetedLinkRel.php

    r48937 r49215  
    99    public function test_add_to_links_with_target_blank() {
    1010        $content  = '<p>Links: <a href="/" target="_blank">No rel</a></p>';
    11         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener noreferrer">No rel</a></p>';
     11        $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">No rel</a></p>';
    1212        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    1313    }
     
    1515    public function test_add_to_links_with_target_foo() {
    1616        $content  = '<p>Links: <a href="/" target="foo">No rel</a></p>';
    17         $expected = '<p>Links: <a href="/" target="foo" rel="noopener noreferrer">No rel</a></p>';
     17        $expected = '<p>Links: <a href="/" target="foo" rel="noopener">No rel</a></p>';
    1818        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    1919    }
     
    2121    public function test_target_as_first_attribute() {
    2222        $content  = '<p>Links: <a target="_blank" href="#">No rel</a></p>';
    23         $expected = '<p>Links: <a target="_blank" href="#" rel="noopener noreferrer">No rel</a></p>';
     23        $expected = '<p>Links: <a target="_blank" href="#" rel="noopener">No rel</a></p>';
    2424        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    2525    }
     
    2727    public function test_add_to_existing_rel() {
    2828        $content  = '<p>Links: <a href="/" rel="existing values" target="_blank">Existing rel</a></p>';
    29         $expected = '<p>Links: <a href="/" rel="existing values noopener noreferrer" target="_blank">Existing rel</a></p>';
     29        $expected = '<p>Links: <a href="/" rel="existing values noopener" target="_blank">Existing rel</a></p>';
    3030        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    3131    }
     
    3333    public function test_no_duplicate_values_added() {
    3434        $content  = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>';
    35         $expected = '<p>Links: <a href="/" rel="existing noopener values noreferrer" target="_blank">Existing rel</a></p>';
     35        $expected = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>';
    3636        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    3737    }
     
    3939    public function test_rel_with_single_quote_delimiter() {
    4040        $content  = '<p>Links: <a href="/" rel=\'existing values\' target="_blank">Existing rel</a></p>';
    41         $expected = '<p>Links: <a href="/" rel="existing values noopener noreferrer" target="_blank">Existing rel</a></p>';
     41        $expected = '<p>Links: <a href="/" rel="existing values noopener" target="_blank">Existing rel</a></p>';
    4242        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    4343    }
     
    4545    public function test_rel_with_no_delimiter() {
    4646        $content  = '<p>Links: <a href="/" rel=existing target="_blank">Existing rel</a></p>';
    47         $expected = '<p>Links: <a href="/" rel="existing noopener noreferrer" target="_blank">Existing rel</a></p>';
     47        $expected = '<p>Links: <a href="/" rel="existing noopener" target="_blank">Existing rel</a></p>';
    4848        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    4949    }
     
    5151    public function test_rel_value_spaced_and_no_delimiter() {
    5252        $content  = '<p>Links: <a href="/" rel = existing target="_blank">Existing rel</a></p>';
    53         $expected = '<p>Links: <a href="/" rel="existing noopener noreferrer" target="_blank">Existing rel</a></p>';
     53        $expected = '<p>Links: <a href="/" rel="existing noopener" target="_blank">Existing rel</a></p>';
    5454        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    5555    }
     
    5757    public function test_escaped_quotes() {
    5858        $content  = '<p>Links: <a href=\"/\" rel=\"existing values\" target=\"_blank\">Existing rel</a></p>';
    59         $expected = '<p>Links: <a href=\"/\" rel=\"existing values noopener noreferrer\" target=\"_blank\">Existing rel</a></p>';
     59        $expected = '<p>Links: <a href=\"/\" rel=\"existing values noopener\" target=\"_blank\">Existing rel</a></p>';
    6060        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    6161    }
     
    6363    public function test_ignore_links_with_no_target() {
    6464        $content  = '<p>Links: <a href="/" target="_blank">Change me</a> <a href="/">Do not change me</a></p>';
    65         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener noreferrer">Change me</a> <a href="/">Do not change me</a></p>';
     65        $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">Change me</a> <a href="/">Do not change me</a></p>';
    6666        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    6767    }
     
    8686    public function test_wp_targeted_link_rel_filters_run() {
    8787        $content  = '<p>Links: <a href="/" target="_blank">No rel</a></p>';
    88         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener noreferrer">No rel</a></p>';
     88        $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">No rel</a></p>';
    8989
    9090        $post = $this->factory()->post->create_and_get(
     
    104104    public function test_wp_targeted_link_rel_should_preserve_json() {
    105105        $content  = '<p>Links: <a href=\"\/\" target=\"_blank\">No rel<\/a><\/p>';
    106         $expected = '<p>Links: <a href=\"\/\" target=\"_blank\" rel=\"noopener noreferrer\">No rel<\/a><\/p>';
     106        $expected = '<p>Links: <a href=\"\/\" target=\"_blank\" rel=\"noopener\">No rel<\/a><\/p>';
    107107        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    108108    }
     
    115115    public function test_wp_targeted_link_rel_skips_style_and_scripts() {
    116116        $content  = '<style><a href="/" target=a></style><p>Links: <script>console.log("<a href=\'/\' target=a>hi</a>");</script><script>alert(1);</script>here <a href="/" target=_blank>aq</a></p><script>console.log("<a href=\'last\' target=\'_blank\'")</script>';
    117         $expected = '<style><a href="/" target=a></style><p>Links: <script>console.log("<a href=\'/\' target=a>hi</a>");</script><script>alert(1);</script>here <a href="/" target="_blank" rel="noopener noreferrer">aq</a></p><script>console.log("<a href=\'last\' target=\'_blank\'")</script>';
     117        $expected = '<style><a href="/" target=a></style><p>Links: <script>console.log("<a href=\'/\' target=a>hi</a>");</script><script>alert(1);</script>here <a href="/" target="_blank" rel="noopener">aq</a></p><script>console.log("<a href=\'last\' target=\'_blank\'")</script>';
    118118        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    119119    }
     
    132132    public function test_wp_targeted_link_rel_tab_separated_values_are_split() {
    133133        $content  = "<p>Links: <a href=\"/\" target=\"_blank\" rel=\"ugc\t\tnoopener\t\">No rel</a></p>";
    134         $expected = '<p>Links: <a href="/" target="_blank" rel="ugc noopener noreferrer">No rel</a></p>';
     134        $expected = '<p>Links: <a href="/" target="_blank" rel="ugc noopener">No rel</a></p>';
    135135        $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    136136    }
Note: See TracChangeset for help on using the changeset viewer.