WordPress.org

Make WordPress Core

Opened 5 weeks ago

Last modified 5 weeks ago

#49558 accepted enhancement

Remove noreferrer from wp_targeted_link_rel and other uses

Reported by: joostdevalk Owned by: SergeyBiryukov
Milestone: 5.5 Priority: normal
Severity: normal Version:
Component: General Keywords: needs-patch needs-unit-tests late
Focuses: Cc:

Description

When we added noopener noreferrer in #37941, the noreferrer bit was added specifically because at the time, Firefox didn't support noopener. Since it does now and has for a while, see here, I think we should remove it, as it does have nasty side effects: it breaks cross-site analytics.

We should remove it everywhere, as links in the admin don't send a referrer anyway after 41741 and as such there's no security risk to removing it.

Change History (3)

#1 @SergeyBiryukov
5 weeks ago

  • Milestone changed from Awaiting Review to 5.5
  • Owner set to SergeyBiryukov
  • Status changed from new to accepted

#2 @jonoaldersonwp
5 weeks ago

Seconded.

#3 @peterwilsoncc
5 weeks ago

  • Keywords needs-patch needs-unit-tests late added

Yes, I very much think this of benefit to the WP and its users.

However, the WP browser support policy still includes Edge 18 as it has over 1% usage at the time of writing.

Let's keep an eye on the Can I Use browser usage stats and gleefully commit this once the EdgeHTML Edge browser use drops below the WP support levels.

My hunch is that it will still make the 5.5 milestone, so I am keeping milestone unchanged.

Note: See TracTickets for help on using tickets.