WordPress.org

Make WordPress Core

Opened 9 months ago

Last modified 3 months ago

#37941 reopened defect (bug)

add rel="noopener noreferrer" to any target="_blank"

Reported by: Presskopp Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords: needs-patch
Focuses: Cc:

Description

This is a following ticket to #36809

It's about making these links more secure where/when they are used.

see:
https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

Attachments (1)

37941.diff (71.9 KB) - added by Presskopp 9 months ago.

Download all attachments as: .zip

Change History (7)

@Presskopp
9 months ago

#1 @Presskopp
9 months ago

  • Keywords has-patch added

Patch is simply adding it to any found instance.

I'm sure it needs more (or less) to be done,

but I don't know which php-files or js-files to touch, to generate this tags for each link with target="_blank" set.

Last edited 9 months ago by Presskopp (previous) (diff)

#2 @Presskopp
9 months ago

  • Keywords needs-patch added; has-patch removed

#3 @Ipstenu
9 months ago

  • Resolution set to duplicate
  • Status changed from new to closed

This doesn't need to be a separate ticket at this time.

#36809 is just going to transmute from fix A to fix B :) Happens all the time.

#4 @swissspidy
9 months ago

  • Milestone Awaiting Review deleted
  • Version trunk deleted

#5 @kevinlangleyjr
5 months ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

Per comment https://core.trac.wordpress.org/ticket/36809#comment:15 and https://core.trac.wordpress.org/ticket/36809#comment:10, this should be a separate ticket and patch than the original ticket.

Reopening since I've added a patch for the other ticket, #36809, and this is still valid per the above mentioned comments.

#6 @SergeyBiryukov
3 months ago

  • Milestone set to Awaiting Review
Note: See TracTickets for help on using tickets.