Make WordPress Core


Ignore:
Timestamp:
09/30/2024 05:17:54 AM (6 weeks ago)
Author:
peterwilsoncc
Message:

General: Remove noopener from links opening in a new tab.

Removes the automatic addition of rel="noopener noreferrer" from links targeting a new tab or window, target='_blank'. Since this was introduced, supported browsers have changed their security policies and no longer allow the opened link to have JavaScript access to the previous tab.

Deprecates:

  • wp_targeted_link_rel()
  • wp_targeted_link_rel_callback()
  • wp_init_targeted_link_rel_filters(): converted to a noop function
  • wp_remove_targeted_link_rel_filters(): converted to a noop function

The deprecated functions are retained in formatting.php as in SHORTINIT mode the file is included while deprecated.php is not.

This also removes the noopener from links hard coded within the WordPress dashboard linking to documentation and other resources.

Props audrasjb, azaozz, dhruval04, dorzki, neo2k23, presskopp, sabernhardt, swissspidy, tobiasbg.
Fixes #53843.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/widgets/wpWidgetText.php

    r56549 r59120  
    10031003
    10041004    /**
    1005      * Ensure that rel="noopener" is added to links with a target.
     1005     * Ensure that rel="noopener" is not added to links without a target.
    10061006     *
    10071007     * @ticket 46421
    10081008     */
    1009     public function test_render_links_with_target() {
     1009    public function test_render_links_without_target() {
    10101010        $widget = new WP_Widget_Text();
    10111011
    1012         $text = 'Test content with an external <a href="https://example.org" target="_blank">link</a>.';
     1012        $text = 'Test content with an internal <a href="/">link</a>.';
    10131013
    10141014        $args = array(
     
    10261026        $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    10271027
    1028         $this->assertStringContainsString( 'rel="noopener"', $output );
    1029     }
    1030 
    1031     /**
    1032      * Ensure that rel="noopener" is not added to links without a target.
    1033      *
    1034      * @ticket 46421
    1035      */
    1036     public function test_render_links_without_target() {
    1037         $widget = new WP_Widget_Text();
    1038 
    1039         $text = 'Test content with an internal <a href="/">link</a>.';
    1040 
    1041         $args = array(
    1042             'before_title'  => '<h2>',
    1043             'after_title'   => '</h2>',
    1044             'before_widget' => '',
    1045             'after_widget'  => '',
    1046         );
    1047 
    1048         $instance = array(
    1049             'title' => 'Foo',
    1050             'text'  => $text,
    1051         );
    1052 
    1053         $output = get_echo( array( $widget, 'widget' ), array( $args, $instance ) );
    1054 
    10551028        $this->assertStringNotContainsString( 'rel="noopener"', $output );
    10561029    }
Note: See TracChangeset for help on using the changeset viewer.