Opened 7 years ago
Closed 6 years ago
#43280 closed defect (bug) (fixed)
Add rel="noopener" to target="_blank" links by default in image widget
Reported by: | audrasjb | Owned by: | pento |
---|---|---|---|
Milestone: | 5.2 | Priority: | normal |
Severity: | normal | Version: | 4.9.4 |
Component: | Widgets | Keywords: | has-patch commit has-unit-tests |
Focuses: | Cc: |
Description
Core previously introduced rel="noopener"
attribute to target="_blank"
links –which is fine– but I think image widget should also add this attribute to image link.
I know there is already a "Link rel" text input but I think we should add rel="noopener"
attribute by default when "Open link in a new tab" option is checked and "Link rel" is empty.
Attachments (6)
Change History (27)
#4
@
7 years ago
- Owner set to audrasjb
- Status changed from new to assigned
As per my comment in #43290, I'm thinking we should also add the noreferrer
here as well to be consistent
#8
@
6 years ago
- Keywords needs-unit-tests added
- Milestone changed from 5.1 to 5.2
- Type changed from defect (bug) to enhancement
Similar to #43290, this change is good to land in 5.2. It could do with some unit tests.
#9
@
6 years ago
@welcher @audrasjb are you able to add some unit tests for this before 5.2 beta 1 in a little under 2 days time?
#12
@
6 years ago
As mentioned on #46421, I'd suggest to investigate on the actual usefulness of noreferrer:
- it was used to support old browsers that had no support for noopener, see https://mathiasbynens.github.io/rel-noopener/ under "Recommendations" for browsers details
- seems redundant after [41741] see #42036
#13
@
6 years ago
@afercia I think both of the rel attributes should be added, in order to keep some consistency with https://developer.wordpress.org/reference/functions/wp_targeted_link_rel/
If we want to remove noreferrer, I believe we should remove it from that function :-)
#14
@
6 years ago
@audrasjb right. Then, keeping the patch as is (same for the other related ones) seems to most appropriate thing to do. I'd suggest to open a separate ticket for discussion though.
(also, noting those functions lack a docblock @since tag)
#15
@
6 years ago
For consistency with images added in the post content, I'd think the behavior should be different.
In the post content, images get noopener noreferrer
even if users set their own value. Also, when reopening the details modal, the "rel" field is populated with noopener noreferrer
plus any custom value previously added:
Instead, with this patch noopener noreferrer
are added only if the field is empty. Also, when reopening the details modal the field is empty.
#16
@
6 years ago
@afercia You're right. We should use the same behaviour as post_content. I'll try to have a patch ready in the next few hours. Otherwise, we should punt it to the next release.
@
6 years ago
Rel attributes are added with wp_targeted_link_rel() function so they are always here in front
#17
@
6 years ago
@afercia with 4328.5.diff, the rel atributes are added with wp_targeted_link_rel() so they are always added in front-end.
#18
@
6 years ago
@audrasjb personally I like this new approach. Not my area of expertise though. I think there are two options:
Adds default rel noopener attribute when using target blank in media widget and Link rel field is empty