Make WordPress Core


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (6 weeks ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/formatting.php

    r58889 r59120  
    32953295 * @since 5.1.0
    32963296 * @since 5.6.0 Removed 'noreferrer' relationship.
     3297 * @deprecated 6.7.0
    32973298 *
    32983299 * @param string $text Content that may contain HTML A elements.
     
    33003301 */
    33013302function wp_targeted_link_rel( $text ) {
     3303    _deprecated_function( __FUNCTION__, '6.7.0' );
     3304
    33023305    // Don't run (more expensive) regex if no links with targets.
    33033306    if ( stripos( $text, 'target' ) === false || stripos( $text, '<a ' ) === false || is_serialized( $text ) ) {
     
    33333336 * @since 5.1.0
    33343337 * @since 5.6.0 Removed 'noreferrer' relationship.
     3338 * @deprecated 6.7.0
    33353339 *
    33363340 * @param array $matches Single match.
     
    33383342 */
    33393343function wp_targeted_link_rel_callback( $matches ) {
     3344    _deprecated_function( __FUNCTION__, '6.7.0' );
     3345
    33403346    $link_html          = $matches[1];
    33413347    $original_link_html = $link_html;
     
    33843390 *
    33853391 * @since 5.1.0
     3392 * @deprecated 6.7.0
    33863393 */
    33873394function wp_init_targeted_link_rel_filters() {
    3388     $filters = array(
    3389         'title_save_pre',
    3390         'content_save_pre',
    3391         'excerpt_save_pre',
    3392         'content_filtered_save_pre',
    3393         'pre_comment_content',
    3394         'pre_term_description',
    3395         'pre_link_description',
    3396         'pre_link_notes',
    3397         'pre_user_description',
    3398     );
    3399 
    3400     foreach ( $filters as $filter ) {
    3401         add_filter( $filter, 'wp_targeted_link_rel' );
    3402     }
     3395    _deprecated_function( __FUNCTION__, '6.7.0' );
    34033396}
    34043397
     
    34073400 *
    34083401 * @since 5.1.0
     3402 * @deprecated 6.7.0
    34093403 */
    34103404function wp_remove_targeted_link_rel_filters() {
    3411     $filters = array(
    3412         'title_save_pre',
    3413         'content_save_pre',
    3414         'excerpt_save_pre',
    3415         'content_filtered_save_pre',
    3416         'pre_comment_content',
    3417         'pre_term_description',
    3418         'pre_link_description',
    3419         'pre_link_notes',
    3420         'pre_user_description',
    3421     );
    3422 
    3423     foreach ( $filters as $filter ) {
    3424         remove_filter( $filter, 'wp_targeted_link_rel' );
    3425     }
     3405    _deprecated_function( __FUNCTION__, '6.7.0' );
    34263406}
    34273407
Note: See TracChangeset for help on using the changeset viewer.