Make WordPress Core


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (4 months ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/widgets/wpWidgetCustomHtml.php

    r56547 r59120  
    304304
    305305    /**
    306      * Ensure that rel="noopener" is added to links with a target.
     306     * Ensure that rel="noopener" is not added to links without a target.
    307307     *
    308308     * @ticket 46421
    309309     */
    310     public function test_render_links_with_target() {
    311         $widget = new WP_Widget_Custom_HTML();
    312 
    313         $content = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
     310    public function test_render_links_without_target() {
     311        $widget = new WP_Widget_Custom_HTML();
     312
     313        $content = 'Test content with an internal <a href="/">link</a>.';
    314314
    315315        $args = array(
     
    326326
    327327        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    328         $this->assertStringContainsString( 'rel="noopener"', $output );
    329     }
    330 
    331     /**
    332      * Ensure that rel="noopener" is not added to links without a target.
    333      *
    334      * @ticket 46421
    335      */
    336     public function test_render_links_without_target() {
    337         $widget = new WP_Widget_Custom_HTML();
    338 
    339         $content = 'Test content with an internal <a href="/">link</a>.';
    340 
    341         $args = array(
    342             'before_title'  => '<h2>',
    343             'after_title'   => '</h2>',
    344             'before_widget' => '',
    345             'after_widget'  => '',
    346         );
    347 
    348         $instance = array(
    349             'title'   => 'Foo',
    350             'content' => $content,
    351         );
    352 
    353         $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    354328        $this->assertStringNotContainsString( 'rel="noopener"', $output );
    355329    }
Note: See TracChangeset for help on using the changeset viewer.