WordPress.org
Get WordPress

Make WordPress Core

Changeset 59120


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (7 days ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

Location:
trunk
Files:
22 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/js/_enqueues/lib/link.js

    r58450 r59120  
    324324
    325325            if ( attrs.target ) {
    326                 html += ' rel="noopener" target="' + attrs.target + '"';
     326                html += ' target="' + attrs.target + '"';
    327327            }
    328328

  • trunk/src/js/_enqueues/vendor/tinymce/plugins/wplink/plugin.js

    r58146 r59120  
    55            return (
    66                '<div id="' + this._id + '" class="wp-link-preview">' +
    7                     '<a href="' + this.url + '" target="_blank" rel="noopener" tabindex="-1">' + this.url + '</a>' +
     7                    '<a href="' + this.url + '" target="_blank" tabindex="-1">' + this.url + '</a>' +
    88                '</div>'
    99            );

  • trunk/src/wp-admin/includes/class-wp-site-health.php

    r58913 r59120  
    747747            ),
    748748            'actions'     => sprintf(
    749                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     749                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    750750                esc_url( wp_get_update_php_url() ),
    751751                __( 'Learn more about updating PHP' ),
     
    893893                    /* translators: Localized team handbook, if one exists. */
    894894                    esc_url( __( 'https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions' ) ),
    895                     'target="_blank" rel="noopener"',
     895                    'target="_blank"',
    896896                    sprintf(
    897897                        '<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span>',
     
    12191219            ),
    12201220            'actions'     => sprintf(
    1221                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1221                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    12221222                /* translators: Localized version of WordPress requirements if one exists. */
    12231223                esc_url( __( 'https://wordpress.org/about/requirements/' ) ),
     
    13361336
    13371337            $result['actions'] = sprintf(
    1338                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1338                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    13391339                /* translators: Localized Support reference. */
    13401340                esc_url( __( 'https://wordpress.org/support/forums/' ) ),
     
    13741374            ),
    13751375            'actions'     => sprintf(
    1376                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1376                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    13771377                /* translators: Documentation explaining debugging in WordPress. */
    13781378                esc_url( __( 'https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/' ) ),
     
    14561456            ),
    14571457            'actions'     => sprintf(
    1458                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1458                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    14591459                esc_url( $default_update_url ),
    14601460                __( 'Learn more about why you should use HTTPS' ),
     
    15401540                    if ( ! empty( $direct_update_url ) ) {
    15411541                        $result['actions'] = sprintf(
    1542                             '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1542                            '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    15431543                            esc_url( $direct_update_url ),
    15441544                            __( 'Update your site to use HTTPS' ),
     
    15591559                if ( $update_url !== $default_update_url ) {
    15601560                    $result['description'] .= sprintf(
    1561                         '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     1561                        '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    15621562                        esc_url( $update_url ),
    15631563                        __( 'Talk to your web host about supporting HTTPS for your website.' ),
     
    23652365        } else {
    23662366            $result['actions'] .= sprintf(
    2367                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     2367                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    23682368                __( 'https://developer.wordpress.org/rest-api/frequently-asked-questions/#why-is-authentication-not-working' ),
    23692369                __( 'Learn how to configure the Authorization header.' ),
     
    23982398            'label'       => '',
    23992399            'actions'     => sprintf(
    2400                 '<p><a href="%1$s" target="_blank" rel="noopener noreferrer">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     2400                '<p><a href="%1$s" target="_blank" rel="noreferrer">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    24012401                __( 'https://developer.wordpress.org/advanced-administration/performance/optimization/#caching' ),
    24022402                __( 'Learn more about page cache' ),
     
    25242524            ),
    25252525            'actions'     => sprintf(
    2526                 '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
     2526                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
    25272527                esc_url( $action_url ),
    25282528                __( 'Learn more about persistent object caching.' ),
     
    26722672        $result['actions'] = sprintf(
    26732673            /* translators: 1: HelpHub URL, 2: Link description. */
    2674             '<p><a target="_blank" rel="noopener" href="%1$s">%2$s</a></p>',
     2674            '<p><a target="_blank" href="%1$s">%2$s</a></p>',
    26752675            esc_url( __( 'https://developer.wordpress.org/advanced-administration/performance/optimization/#autoloaded-options' ) ),
    26762676            __( 'More info about optimizing autoloaded options' )

  • trunk/src/wp-admin/includes/dashboard.php

    r58975 r59120  
    19131913        <?php
    19141914        printf(
    1915             '<a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a>',
     1915            '<a class="button button-primary" href="%1$s" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a>',
    19161916            esc_url( wp_get_update_php_url() ),
    19171917            __( 'Learn more about updating PHP' ),

  • trunk/src/wp-admin/includes/media.php

    r58373 r59120  
    32443244            /* translators: Localized tutorial, if one exists. W3C Web Accessibility Initiative link has list of existing translations. */
    32453245            esc_url( __( 'https://www.w3.org/WAI/tutorials/images/decision-tree/' ) ),
    3246             'target="_blank" rel="noopener"',
     3246            'target="_blank"',
    32473247            sprintf(
    32483248                '<span class="screen-reader-text"> %s</span>',

  • trunk/src/wp-includes/class-walker-nav-menu.php

    r56067 r59120  
    216216        $atts['title']  = ! empty( $menu_item->attr_title ) ? $menu_item->attr_title : '';
    217217        $atts['target'] = ! empty( $menu_item->target ) ? $menu_item->target : '';
    218         if ( '_blank' === $menu_item->target && empty( $menu_item->xfn ) ) {
    219             $atts['rel'] = 'noopener';
    220         } else {
    221             $atts['rel'] = $menu_item->xfn;
    222         }
     218        $atts['rel']    = ! empty( $menu_item->xfn ) ? $menu_item->xfn : '';
    223219
    224220        if ( ! empty( $menu_item->url ) ) {

  • trunk/src/wp-includes/comment.php

    r59039 r59120  
    37673767                    $value = get_comment_link( $comment->comment_ID );
    37683768                    $value = sprintf(
    3769                         '<a href="%s" target="_blank" rel="noopener">%s</a>',
     3769                        '<a href="%s" target="_blank">%s</a>',
    37703770                        esc_url( $value ),
    37713771                        esc_html( $value )

  • trunk/src/wp-includes/default-filters.php

    r59083 r59120  
    153153    add_filter( $filter, 'balanceTags', 50 );
    154154}
    155 
    156 // Add proper rel values for links with target.
    157 add_action( 'init', 'wp_init_targeted_link_rel_filters' );
    158155
    159156// Format strings for display.

  • trunk/src/wp-includes/formatting.php

    r58889 r59120  
    32953295 * @since 5.1.0
    32963296 * @since 5.6.0 Removed 'noreferrer' relationship.
     3297 * @deprecated 6.7.0
    32973298 *
    32983299 * @param string $text Content that may contain HTML A elements.
     
    33003301 */
    33013302function wp_targeted_link_rel( $text ) {
     3303    _deprecated_function( __FUNCTION__, '6.7.0' );
     3304
    33023305    // Don't run (more expensive) regex if no links with targets.
    33033306    if ( stripos( $text, 'target' ) === false || stripos( $text, '<a ' ) === false || is_serialized( $text ) ) {
     
    33333336 * @since 5.1.0
    33343337 * @since 5.6.0 Removed 'noreferrer' relationship.
     3338 * @deprecated 6.7.0
    33353339 *
    33363340 * @param array $matches Single match.
     
    33383342 */
    33393343function wp_targeted_link_rel_callback( $matches ) {
     3344    _deprecated_function( __FUNCTION__, '6.7.0' );
     3345
    33403346    $link_html          = $matches[1];
    33413347    $original_link_html = $link_html;
     
    33843390 *
    33853391 * @since 5.1.0
     3392 * @deprecated 6.7.0
    33863393 */
    33873394function wp_init_targeted_link_rel_filters() {
    3388     $filters = array(
    3389         'title_save_pre',
    3390         'content_save_pre',
    3391         'excerpt_save_pre',
    3392         'content_filtered_save_pre',
    3393         'pre_comment_content',
    3394         'pre_term_description',
    3395         'pre_link_description',
    3396         'pre_link_notes',
    3397         'pre_user_description',
    3398     );
    3399 
    3400     foreach ( $filters as $filter ) {
    3401         add_filter( $filter, 'wp_targeted_link_rel' );
    3402     }
     3395    _deprecated_function( __FUNCTION__, '6.7.0' );
    34033396}
    34043397
     
    34073400 *
    34083401 * @since 5.1.0
     3402 * @deprecated 6.7.0
    34093403 */
    34103404function wp_remove_targeted_link_rel_filters() {
    3411     $filters = array(
    3412         'title_save_pre',
    3413         'content_save_pre',
    3414         'excerpt_save_pre',
    3415         'content_filtered_save_pre',
    3416         'pre_comment_content',
    3417         'pre_term_description',
    3418         'pre_link_description',
    3419         'pre_link_notes',
    3420         'pre_user_description',
    3421     );
    3422 
    3423     foreach ( $filters as $filter ) {
    3424         remove_filter( $filter, 'wp_targeted_link_rel' );
    3425     }
     3405    _deprecated_function( __FUNCTION__, '6.7.0' );
    34263406}
    34273407

  • trunk/src/wp-includes/functions.php

    r59107 r59120  
    85188518    echo '<p class="button-container">';
    85198519    printf(
    8520         '<a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a>',
     8520        '<a class="button button-primary" href="%1$s" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a>',
    85218521        esc_url( $direct_update_url ),
    85228522        __( 'Update PHP' ),

  • trunk/src/wp-includes/media-template.php

    r58947 r59120  
    162162        /* translators: Localized tutorial, if one exists. W3C Web Accessibility Initiative link has list of existing translations. */
    163163        esc_url( __( 'https://www.w3.org/WAI/tutorials/images/decision-tree/' ) ),
    164         'target="_blank" rel="noopener"',
     164        'target="_blank"',
    165165        sprintf(
    166166            '<span class="screen-reader-text"> %s</span>',

  • trunk/src/wp-includes/widgets/class-wp-widget-custom-html.php

    r56196 r59120  
    149149        /** This filter is documented in wp-includes/widgets/class-wp-widget-text.php */
    150150        $content = apply_filters( 'widget_text', $instance['content'], $simulated_text_widget_instance, $this );
    151 
    152         // Adds 'noopener' relationship, without duplicating values, to all HTML A elements that have a target.
    153         $content = wp_targeted_link_rel( $content );
    154151
    155152        /**

  • trunk/src/wp-includes/widgets/class-wp-widget-media-image.php

    r56690 r59120  
    289289            $link .= $image;
    290290            $link .= '</a>';
    291             $image = wp_targeted_link_rel( $link );
     291            $image = $link;
    292292        }
    293293

  • trunk/src/wp-includes/widgets/class-wp-widget-text.php

    r56597 r59120  
    335335        $text = preg_replace_callback( '#<(video|iframe|object|embed)\s[^>]*>#i', array( $this, 'inject_video_max_width_style' ), $text );
    336336
    337         // Adds 'noopener' relationship, without duplicating values, to all HTML A elements that have a target.
    338         $text = wp_targeted_link_rel( $text );
    339 
    340337        ?>
    341338            <div class="textwidget"><?php echo $text; ?></div>

  • trunk/src/wp-login.php

    r59027 r59120  
    698698
    699699                printf(
    700                     '<a href="%s" rel="noopener" target="_blank">%s%s</a>',
     700                    '<a href="%s" target="_blank">%s%s</a>',
    701701                    esc_url( $admin_email_help_url ),
    702702                    __( 'Why is this important?' ),
     
    16301630                        if ( links[i].href ) {
    16311631                            links[i].target = '_blank';
    1632                             links[i].rel = 'noopener';
    16331632                        }
    16341633                    }

  • trunk/tests/phpunit/tests/formatting/wpTargetedLinkRel.php

    r56547 r59120  
    1 <?php
    2 
    3 /**
    4  * @group formatting
    5  * @ticket 43187
    6  *
    7  * @covers ::wp_targeted_link_rel
    8  */
    9 class Tests_Formatting_wpTargetedLinkRel extends WP_UnitTestCase {
    10 
    11     public function test_add_to_links_with_target_blank() {
    12         $content  = '<p>Links: <a href="/" target="_blank">No rel</a></p>';
    13         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">No rel</a></p>';
    14         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    15     }
    16 
    17     public function test_add_to_links_with_target_foo() {
    18         $content  = '<p>Links: <a href="/" target="foo">No rel</a></p>';
    19         $expected = '<p>Links: <a href="/" target="foo" rel="noopener">No rel</a></p>';
    20         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    21     }
    22 
    23     public function test_target_as_first_attribute() {
    24         $content  = '<p>Links: <a target="_blank" href="#">No rel</a></p>';
    25         $expected = '<p>Links: <a target="_blank" href="#" rel="noopener">No rel</a></p>';
    26         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    27     }
    28 
    29     public function test_add_to_existing_rel() {
    30         $content  = '<p>Links: <a href="/" rel="existing values" target="_blank">Existing rel</a></p>';
    31         $expected = '<p>Links: <a href="/" rel="existing values noopener" target="_blank">Existing rel</a></p>';
    32         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    33     }
    34 
    35     public function test_no_duplicate_values_added() {
    36         $content  = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>';
    37         $expected = '<p>Links: <a href="/" rel="existing noopener values" target="_blank">Existing rel</a></p>';
    38         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    39     }
    40 
    41     public function test_rel_with_single_quote_delimiter() {
    42         $content  = '<p>Links: <a href="/" rel=\'existing values\' target="_blank">Existing rel</a></p>';
    43         $expected = '<p>Links: <a href="/" rel="existing values noopener" target="_blank">Existing rel</a></p>';
    44         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    45     }
    46 
    47     public function test_rel_with_no_delimiter() {
    48         $content  = '<p>Links: <a href="/" rel=existing target="_blank">Existing rel</a></p>';
    49         $expected = '<p>Links: <a href="/" rel="existing noopener" target="_blank">Existing rel</a></p>';
    50         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    51     }
    52 
    53     public function test_rel_value_spaced_and_no_delimiter() {
    54         $content  = '<p>Links: <a href="/" rel = existing target="_blank">Existing rel</a></p>';
    55         $expected = '<p>Links: <a href="/" rel="existing noopener" target="_blank">Existing rel</a></p>';
    56         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    57     }
    58 
    59     public function test_escaped_quotes() {
    60         $content  = '<p>Links: <a href=\"/\" rel=\"existing values\" target=\"_blank\">Existing rel</a></p>';
    61         $expected = '<p>Links: <a href=\"/\" rel=\"existing values noopener\" target=\"_blank\">Existing rel</a></p>';
    62         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    63     }
    64 
    65     public function test_ignore_links_with_no_target() {
    66         $content  = '<p>Links: <a href="/" target="_blank">Change me</a> <a href="/">Do not change me</a></p>';
    67         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">Change me</a> <a href="/">Do not change me</a></p>';
    68         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    69     }
    70 
    71     /**
    72      * Ensure empty rel attributes are not added.
    73      *
    74      * @ticket 45352
    75      */
    76     public function test_ignore_if_wp_targeted_link_rel_nulled() {
    77         add_filter( 'wp_targeted_link_rel', '__return_empty_string' );
    78         $content  = '<p>Links: <a href="/" target="_blank">Do not change me</a></p>';
    79         $expected = '<p>Links: <a href="/" target="_blank">Do not change me</a></p>';
    80         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    81     }
    82 
    83     /**
    84      * Ensure default content filters are added.
    85      *
    86      * @ticket 45292
    87      */
    88     public function test_wp_targeted_link_rel_filters_run() {
    89         $content  = '<p>Links: <a href="/" target="_blank">No rel</a></p>';
    90         $expected = '<p>Links: <a href="/" target="_blank" rel="noopener">No rel</a></p>';
    91 
    92         $post = self::factory()->post->create_and_get(
    93             array(
    94                 'post_content' => $content,
    95             )
    96         );
    97 
    98         $this->assertSame( $expected, $post->post_content );
    99     }
    100 
    101     /**
    102      * Ensure JSON format is preserved when relation attribute (rel) is missing.
    103      *
    104      * @ticket 46316
    105      */
    106     public function test_wp_targeted_link_rel_should_preserve_json() {
    107         $content  = '<p>Links: <a href=\"\/\" target=\"_blank\">No rel<\/a><\/p>';
    108         $expected = '<p>Links: <a href=\"\/\" target=\"_blank\" rel=\"noopener\">No rel<\/a><\/p>';
    109         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    110     }
    111 
    112     /**
    113      * Ensure the content of style and script tags are not processed
    114      *
    115      * @ticket 47244
    116      */
    117     public function test_wp_targeted_link_rel_skips_style_and_scripts() {
    118         $content  = '<style><a href="/" target=a></style><p>Links: <script>console.log("<a href=\'/\' target=a>hi</a>");</script><script>alert(1);</script>here <a href="/" target=_blank>aq</a></p><script>console.log("<a href=\'last\' target=\'_blank\'")</script>';
    119         $expected = '<style><a href="/" target=a></style><p>Links: <script>console.log("<a href=\'/\' target=a>hi</a>");</script><script>alert(1);</script>here <a href="/" target="_blank" rel="noopener">aq</a></p><script>console.log("<a href=\'last\' target=\'_blank\'")</script>';
    120         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    121     }
    122 
    123     /**
    124      * Ensure entirely serialized content is ignored.
    125      *
    126      * @ticket 46402
    127      */
    128     public function test_ignore_entirely_serialized_content() {
    129         $content  = 'a:1:{s:4:"html";s:52:"<p>Links: <a href="/" target="_blank">No Rel</a></p>";}';
    130         $expected = 'a:1:{s:4:"html";s:52:"<p>Links: <a href="/" target="_blank">No Rel</a></p>";}';
    131         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    132     }
    133 
    134     public function test_wp_targeted_link_rel_tab_separated_values_are_split() {
    135         $content  = "<p>Links: <a href=\"/\" target=\"_blank\" rel=\"ugc\t\tnoopener\t\">No rel</a></p>";
    136         $expected = '<p>Links: <a href="/" target="_blank" rel="ugc noopener">No rel</a></p>';
    137         $this->assertSame( $expected, wp_targeted_link_rel( $content ) );
    138     }
    139 }

  • trunk/tests/phpunit/tests/menu/walker-nav-menu.php

    r56559 r59120  
    4444
    4545    /**
    46      * Tests when an item's target is _blank, that rel="noopener" is added.
    47      *
    48      * @ticket 43290
    49      */
    50     public function test_noopener_no_referrer_for_target_blank() {
    51         $actual     = '';
    52         $post_id    = self::factory()->post->create();
    53         $post_title = get_the_title( $post_id );
    54 
    55         $item = array(
    56             'ID'        => $post_id,
    57             'object_id' => $post_id,
    58             'title'     => $post_title,
    59             'target'    => '_blank',
    60             'xfn'       => '',
    61             'current'   => false,
    62         );
    63 
    64         $args = array(
    65             'before'      => '',
    66             'after'       => '',
    67             'link_before' => '',
    68             'link_after'  => '',
    69         );
    70 
    71         $this->walker->start_el( $actual, (object) $item, 0, (object) $args );
    72 
    73         $this->assertSame( "<li id=\"menu-item-{$post_id}\" class=\"menu-item-{$post_id}\"><a target=\"_blank\" rel=\"noopener\">{$post_title}</a>", $actual );
    74     }
    75 
    76     /**
    7746     * @ticket 47720
    7847     *
     
    219188            ),
    220189            'no xfn value and a target of "_blank"' => array(
    221                 'expected' => 'rel="noopener privacy-policy"',
     190                'expected' => 'rel="privacy-policy"',
    222191                'xfn'      => '',
    223192                'target'   => '_blank',

  • trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php

    r59034 r59120  
    14441444                    ),
    14451445                    'description' => array(
    1446                         'raw'      => '<a href="#" target="_blank" rel="noopener">link</a>',
    1447                         'rendered' => '<p><a href="#" target="_blank" rel="noopener">link</a></p>',
     1446                        'raw'      => '<a href="#" target="_blank">link</a>',
     1447                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    14481448                    ),
    14491449                    'caption'     => array(
    1450                         'raw'      => '<a href="#" target="_blank" rel="noopener">link</a>',
    1451                         'rendered' => '<p><a href="#" target="_blank" rel="noopener">link</a></p>',
     1450                        'raw'      => '<a href="#" target="_blank">link</a>',
     1451                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    14521452                    ),
    14531453                ),

  • trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

    r59115 r59120  
    42864286                    ),
    42874287                    'content' => array(
    4288                         'raw'      => '<a href="#" target="_blank" rel="noopener">link</a>',
    4289                         'rendered' => '<p><a href="#" target="_blank" rel="noopener">link</a></p>',
     4288                        'raw'      => '<a href="#" target="_blank">link</a>',
     4289                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    42904290                    ),
    42914291                    'excerpt' => array(
    4292                         'raw'      => '<a href="#" target="_blank" rel="noopener">link</a>',
    4293                         'rendered' => '<p><a href="#" target="_blank" rel="noopener">link</a></p>',
     4292                        'raw'      => '<a href="#" target="_blank">link</a>',
     4293                        'rendered' => '<p><a href="#" target="_blank">link</a></p>',
    42944294                    ),
    42954295                ),

  • trunk/tests/phpunit/tests/widgets/wpWidgetCustomHtml.php

    r56547 r59120  
    304304
    305305    /**
    306      * Ensure that rel="noopener" is added to links with a target.
     306     * Ensure that rel="noopener" is not added to links without a target.
    307307     *
    308308     * @ticket 46421
    309309     */
    310     public function test_render_links_with_target() {
    311         $widget = new WP_Widget_Custom_HTML();
    312 
    313         $content = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
     310    public function test_render_links_without_target() {
     311        $widget = new WP_Widget_Custom_HTML();
     312
     313        $content = 'Test content with an internal <a href="/">link</a>.';
    314314
    315315        $args = array(
     
    326326
    327327        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    328         $this->assertStringContainsString( 'rel="noopener"', $output );
    329     }
    330 
    331     /**
    332      * Ensure that rel="noopener" is not added to links without a target.
    333      *
    334      * @ticket 46421
    335      */
    336     public function test_render_links_without_target() {
    337         $widget = new WP_Widget_Custom_HTML();
    338 
    339         $content = 'Test content with an internal <a href="/">link</a>.';
    340 
    341         $args = array(
    342             'before_title'  => '<h2>',
    343             'after_title'   => '</h2>',
    344             'before_widget' => '',
    345             'after_widget'  => '',
    346         );
    347 
    348         $instance = array(
    349             'title'   => 'Foo',
    350             'content' => $content,
    351         );
    352 
    353         $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    354328        $this->assertStringNotContainsString( 'rel="noopener"', $output );
    355329    }

  • trunk/tests/phpunit/tests/widgets/wpWidgetMediaImage.php

    r57987 r59120  
    545545        $this->assertStringContainsString( '<a href="https://example.org"', $output );
    546546        $this->assertStringContainsString( 'target="_blank"', $output );
    547         $this->assertStringContainsString( 'rel="noopener"', $output );
    548547
    549548        // Populate caption in attachment.

  • trunk/tests/phpunit/tests/widgets/wpWidgetText.php

    r56549 r59120  
    10031003
    10041004    /**
    1005      * Ensure that rel="noopener" is added to links with a target.
     1005     * Ensure that rel="noopener" is not added to links without a target.
    10061006     *
    10071007     * @ticket 46421
    10081008     */
    1009     public function test_render_links_with_target() {
     1009    public function test_render_links_without_target() {
    10101010        $widget = new WP_Widget_Text();
    10111011
    1012         $text = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
     1012        $text = 'Test content with an internal <a href="/">link</a>.';
    10131013
    10141014        $args = array(
     
    10261026        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    10271027
    1028         $this->assertStringContainsString( 'rel="noopener"', $output );
    1029     }
    1030 
    1031     /**
    1032      * Ensure that rel="noopener" is not added to links without a target.
    1033      *
    1034      * @ticket 46421
    1035      */
    1036     public function test_render_links_without_target() {
    1037         $widget = new WP_Widget_Text();
    1038 
    1039         $text = 'Test content with an internal <a href="/">link</a>.';
    1040 
    1041         $args = array(
    1042             'before_title'  => '<h2>',
    1043             'after_title'   => '</h2>',
    1044             'before_widget' => '',
    1045             'after_widget'  => '',
    1046         );
    1047 
    1048         $instance = array(
    1049             'title' => 'Foo',
    1050             'text'  => $text,
    1051         );
    1052 
    1053         $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    1054 
    10551028        $this->assertStringNotContainsString( 'rel="noopener"', $output );
    10561029    }
Note: See TracChangeset for help on using the changeset viewer.