Make WordPress Core

Opened 22 months ago

Last modified 19 months ago

#53843 new enhancement

Remove adding of rel="noopener" to links with target="_blank"

Reported by: azaozz's profile azaozz Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

#43187 introduced adding of rel="noopener noreferrer" to links with target="_blank" as a security precaution. Later, in #49558 noreferrer was removed as no longer needed.

Since then most browsers were updated to imply noopener on links with target="_blank" making #43187 and similar changes not relevant any more. See:
https://html.spec.whatwg.org/multipage/links.html#following-hyperlinks (specs),
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#browser_compatibility.

Adding this ticket now as a reminder to remove all noopener when all newer browsers implement the specs.

Change History (2)

#1 @sabernhardt
19 months ago

In case anyone wonders about the comment author links on the Comments admin screen (r52007), those would keep the rel attribute because they do not open in a new tab automatically.

This ticket was mentioned in Slack in #core by hellofromtonya. View the logs.


19 months ago

Note: See TracTickets for help on using tickets.