Make WordPress Core


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (6 weeks ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/menu/walker-nav-menu.php

    r56559 r59120  
    4444
    4545    /**
    46      * Tests when an item's target is _blank, that rel="noopener" is added.
    47      *
    48      * @ticket 43290
    49      */
    50     public function test_noopener_no_referrer_for_target_blank() {
    51         $actual     = '';
    52         $post_id    = self::factory()->post->create();
    53         $post_title = get_the_title( $post_id );
    54 
    55         $item = array(
    56             'ID'        => $post_id,
    57             'object_id' => $post_id,
    58             'title'     => $post_title,
    59             'target'    => '_blank',
    60             'xfn'       => '',
    61             'current'   => false,
    62         );
    63 
    64         $args = array(
    65             'before'      => '',
    66             'after'       => '',
    67             'link_before' => '',
    68             'link_after'  => '',
    69         );
    70 
    71         $this->walker->start_el( $actual, (object) $item, 0, (object) $args );
    72 
    73         $this->assertSame( "<li id=\"menu-item-{$post_id}\" class=\"menu-item-{$post_id}\"><a target=\"_blank\" rel=\"noopener\">{$post_title}</a>", $actual );
    74     }
    75 
    76     /**
    7746     * @ticket 47720
    7847     *
     
    219188            ),
    220189            'no xfn value and a target of "_blank"' => array(
    221                 'expected' => 'rel="noopener privacy-policy"',
     190                'expected' => 'rel="privacy-policy"',
    222191                'xfn'      => '',
    223192                'target'   => '_blank',
Note: See TracChangeset for help on using the changeset viewer.