Changeset 59120 for trunk/src/wp-admin/includes/class-wp-site-health.php

Timestamp:

09/30/2024 05:17:54 AM (7 months ago)

Author:

peterwilsoncc

Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

• wp_targeted_link_rel()
• wp_targeted_link_rel_callback()
• wp_init_targeted_link_rel_filters(): converted to a noop function
• wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:

• trunk/src/wp-admin/includes/class-wp-site-health.php (modified) (12 diffs)

trunk/src/wp-admin/includes/class-wp-site-health.php

@@ -747 +747 @@
             ),
             'actions'     => sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 esc_url( wp_get_update_php_url() ),
                 __( 'Learn more about updating PHP' ),
@@ -893 +893 @@
                     /* translators: Localized team handbook, if one exists. */
                     esc_url( __( 'https://make.wordpress.org/hosting/handbook/handbook/server-environment/#php-extensions' ) ),
-                    'target="_blank" rel="noopener"',
+                    'target="_blank"',
                     sprintf(
                         '<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span>',
@@ -1219 +1219 @@
             ),
             'actions'     => sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 /* translators: Localized version of WordPress requirements if one exists. */
                 esc_url( __( 'https://wordpress.org/about/requirements/' ) ),
@@ -1336 +1336 @@
 
             $result['actions'] = sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 /* translators: Localized Support reference. */
                 esc_url( __( 'https://wordpress.org/support/forums/' ) ),
@@ -1374 +1374 @@
             ),
             'actions'     => sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 /* translators: Documentation explaining debugging in WordPress. */
                 esc_url( __( 'https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/' ) ),
@@ -1456 +1456 @@
             ),
             'actions'     => sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 esc_url( $default_update_url ),
                 __( 'Learn more about why you should use HTTPS' ),
@@ -1540 +1540 @@
                     if ( ! empty( $direct_update_url ) ) {
                         $result['actions'] = sprintf(
-                            '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank" rel="noopener">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                            '<p class="button-container"><a class="button button-primary" href="%1$s" target="_blank">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                             esc_url( $direct_update_url ),
                             __( 'Update your site to use HTTPS' ),
@@ -1559 +1559 @@
                 if ( $update_url !== $default_update_url ) {
                     $result['description'] .= sprintf(
-                        '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                        '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                         esc_url( $update_url ),
                         __( 'Talk to your web host about supporting HTTPS for your website.' ),
@@ -2365 +2365 @@
         } else {
             $result['actions'] .= sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 __( 'https://developer.wordpress.org/rest-api/frequently-asked-questions/#why-is-authentication-not-working' ),
                 __( 'Learn how to configure the Authorization header.' ),
@@ -2398 +2398 @@
             'label'       => '',
             'actions'     => sprintf(
-                '<p><a href="%1$s" target="_blank" rel="noopener noreferrer">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%1$s" target="_blank" rel="noreferrer">%2$s<span class="screen-reader-text"> %3$s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 __( 'https://developer.wordpress.org/advanced-administration/performance/optimization/#caching' ),
                 __( 'Learn more about page cache' ),
@@ -2524 +2524 @@
             ),
             'actions'     => sprintf(
-                '<p><a href="%s" target="_blank" rel="noopener">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
+                '<p><a href="%s" target="_blank">%s<span class="screen-reader-text"> %s</span><span aria-hidden="true" class="dashicons dashicons-external"></span></a></p>',
                 esc_url( $action_url ),
                 __( 'Learn more about persistent object caching.' ),
@@ -2672 +2672 @@
         $result['actions'] = sprintf(
             /* translators: 1: HelpHub URL, 2: Link description. */
-            '<p><a target="_blank" rel="noopener" href="%1$s">%2$s</a></p>',
+            '<p><a target="_blank" href="%1$s">%2$s</a></p>',
             esc_url( __( 'https://developer.wordpress.org/advanced-administration/performance/optimization/#autoloaded-options' ) ),
             __( 'More info about optimizing autoloaded options' )