Make WordPress Core


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (4 months ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-login.php

    r59027 r59120  
    698698
    699699                printf(
    700                     '<a href="%s" rel="noopener" target="_blank">%s%s</a>',
     700                    '<a href="%s" target="_blank">%s%s</a>',
    701701                    esc_url( $admin_email_help_url ),
    702702                    __( 'Why is this important?' ),
     
    16301630                        if ( links[i].href ) {
    16311631                            links[i].target = '_blank';
    1632                             links[i].rel = 'noopener';
    16331632                        }
    16341633                    }
Note: See TracChangeset for help on using the changeset viewer.