Make WordPress Core

Opened 2 years ago

Last modified 3 weeks ago

#53843 new enhancement

Remove adding of rel="noopener" to links with target="_blank"

Reported by: azaozz's profile azaozz Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

#43187 introduced adding of rel="noopener noreferrer" to links with target="_blank" as a security precaution. Later, in #49558 noreferrer was removed as no longer needed.

Since then most browsers were updated to imply noopener on links with target="_blank" making #43187 and similar changes not relevant any more. See:
https://html.spec.whatwg.org/multipage/links.html#following-hyperlinks (specs),
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#browser_compatibility.

Adding this ticket now as a reminder to remove all noopener when all newer browsers implement the specs.

Change History (5)

#1 @sabernhardt
2 years ago

In case anyone wonders about the comment author links on the Comments admin screen (r52007), those would keep the rel attribute because they do not open in a new tab automatically.

This ticket was mentioned in Slack in #core by hellofromtonya. View the logs.


2 years ago

This ticket was mentioned in Slack in #core by presskopp. View the logs.


6 weeks ago

Note: See TracTickets for help on using tickets.