Make WordPress Core

Opened 4 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#61482 closed defect (bug) (invalid)

WordPress is adding rel="noopener" to code in normal texteditor

Reported by: neo2k23's profile neo2k23 Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.6
Component: General Keywords:
Focuses: Cc:

Description

I am adding this line in the text editor

<a style="color:yellow" target="_blank" href="https://myforum.com">Goto the Forum</a>

after saving it becomes

<a style="color:yellow" target="_blank" href="https://myforum.com" rel="noopener">Goto my Forum</a>

rel="noopener" has been added. I do not want this behaviour. The html code should stay the way i added it.

I am using a clean install with the default 24 theme and the classic editor activated

Can you please tell me how i can prevent wordpress from changing my code?

Change History (14)

#1 @neo2k23
4 weeks ago

How can i turn this OFF in the default classic wordpress editor?

#2 @deepakrohilla
4 weeks ago

By default all links with a target of _blank will get a rel attribute of noopener. This will disable access to the window.opener object from a child tab/window that will open on click. If this is not something you care about, you can disable this option, by setting it to false. Although we do not recommend you to do so unless you have other ways of securing links to external pages using target set to _blank.

Type: Boolean

Default value: false

Possible values: true, false

Example: using allow_unsafe_link_target
tinymce.init({

selector: 'textarea', change this value according to your HTML
allow_unsafe_link_target: true

});

well there is no need to remove rel="noopener" from links on your website. It is good for your website’s security and has no performance or SEO impact on your website.

But if you really want to remove it you have to add_filter on the_content like.

function remove_noopener_from_post_content($content) {
    // Replace rel="noopener" with an empty string
    $content = str_replace('rel="noopener"', '', $content);
    
    return $content;
}
add_filter('the_content', 'remove_noopener_from_post_content');

#3 @neo2k23
4 weeks ago

The problem is that it formats the code on saving of the content. So if you have a shortcode like this

[text_flip textReplaceWith="HTML 5 Compatible|Has Excellent & Fast Support <a style='color:yellow;' target='_blank' href='https://mysupportforum.com'>Visit our Forum</a>"] WordPress Theme.[/text_flip]

That link inside the shortcode is altered on page save. And since shortcodes work with "" for the parameters the code does not work anymore after saving the page as it is altered on save.

The filter does not work as the shortcode does not work anymore. The parameter becomes

[text_flip textReplaceWith="HTML 5 Compatible|Has Excellent & Fast Support <a style='color:yellow;' target='_blank' href='https://mysupportforum.com' rel="nooppener">Visit our Forum</a>"] WordPress Theme.[/text_flip]

and thus stops working.

The code within the shortcode should not be altered on saving.
You can try it yourselves. Copy the first shortcode example and save it. You will see that it is altered after saving.

in this case it would work if it added rel='noopener'

But even if you add that it changes it to rel="noopener" wrecking the shortcode.

if i add rel='noopener' it should not change it to rel="noopener" within the shortcode.

This looks like it is a bug.

Last edited 4 weeks ago by neo2k23 (previous) (diff)

#4 @neo2k23
4 weeks ago

Adding this code does also not work. It keeps adding rel="noopener" but i need in this case rel='noopener' to be added as we are parsing text within a shortcode parameter.

add_filter( 'teeny_mce_before_init', 'theme_smartwp_allow_unsafe_link_target' );
add_filter( 'tiny_mce_before_init', 'theme_smartwp_allow_unsafe_link_target' );
function theme_smartwp_allow_unsafe_link_target( $mceInit ) {
 $mceInit['allow_unsafe_link_target'] = true;
 return $mceInit;
}

Do you have a better solution for me?

Thank you

Last edited 4 weeks ago by neo2k23 (previous) (diff)

#5 @deepakrohilla
4 weeks ago

Try below code once and save shortcode once again.

function disable_unsafe_link_target( $init ) {
    $init['allow_unsafe_link_target'] = false;
    return $init;
}
add_filter( 'tiny_mce_before_init', 'disable_unsafe_link_target' );

#6 @neo2k23
4 weeks ago

That does not work as replied before. Default allow_unsafe_link_target is already set to false.

It should be set to true to disable it.

$init['allow_unsafe_link_target'] = true;

Either way if set to true or false the filter is reached, but the end result is the same. rel="noopener" is added.

The main problem here is that the formatting within a shortcode on save content should not take place. The formatting should take place when the code executes in the frontend.

I still believe this is a kind of a bug.

Last edited 4 weeks ago by neo2k23 (previous) (diff)

#7 @neo2k23
4 weeks ago

even if you add target="_self" target="_parent" or target="_top" the rel="noopener" is added.

This can't be right.

This should only happen at target="_blank" but not within html used in a shortcode parameter.

#9 follow-up: @khokansardar
4 weeks ago

@neo2k23 in your case you can turn OFF the rel attribute from you anchor tag by removing below hook which one is added in wordpress for content formatting.

// Remove hook modifying the rel attribute of targeted links on content save.
remove_filter( 'content_save_pre', 'wp_targeted_link_rel' );

And test it again by adding your content -

<a style="color:yellow" target="_blank" href="https://myforum.com">Goto the Forum</a>

#10 @khokansardar
4 weeks ago

  • Keywords needs-patch added

We could effectively deprecate wp_targeted_link_rel() and associated functions, and remove them from the list of active filter hooks in the WordPress codebase. This would still need a patch.

#11 in reply to: ↑ 9 @neo2k23
4 weeks ago

Replying to khokansardar:

@neo2k23 in your case you can turn OFF the rel attribute from you anchor tag by removing below hook which one is added in wordpress for content formatting.

// Remove hook modifying the rel attribute of targeted links on content save.
remove_filter( 'content_save_pre', 'wp_targeted_link_rel' );

And test it again by adding your content -

<a style="color:yellow" target="_blank" href="https://myforum.com">Goto the Forum</a>

Thank you for the reply.

That resolves the issue. I hope WordPress removes the filter once and for all. If not my last question remains:

Isn't it a bug that also on target="_self" target="_parent" or target="_top" the rel="noopener" is added?

Btw i fixed my issue another way. I am using macros which are replaced on executing of the shortcode to avoid any further or future conflicts.

<a href="https://myforum.com" {new}>Goto the Forum</a>

the macro {new} will become target="_blank" rel="noopener" on execution of the shortcode.

This way I can avoid any issues with the wordpress formatter affecting the shortcodes.

Thank you all for the explaining and contributions.

Last edited 4 weeks ago by neo2k23 (previous) (diff)

#12 follow-up: @kushyourdevexpert
4 weeks ago

  • Keywords needs-patch removed
  • Resolution set to invalid
  • Status changed from new to closed

Add this filter in Function.php and rel="noopener remove automatically

/**
 * Remove rel="noopener" from links in the content.
 *
 * @param string $content The content of the post or page.
 * @return string Modified content with rel="noopener" removed.
 */
function remove_noreferrer($content) {
    // Replace rel="noopener" with an empty string to remove it
    return str_replace(' rel="noopener"', '', $content);
}
// Add filter to apply the function to the content
add_filter('the_content', 'remove_noreferrer');

#13 in reply to: ↑ 12 @neo2k23
4 weeks ago

Replying to kushyourdevexpert:

Add this filter in Function.php and rel="noopener remove automatically

}}}

That does not resolve my issue at all as shortcodes are generated before the content filter runs and are already wrecked after saving the content in the admin area (as decribed in one of my comments).

The only working solution hae been provided by @khokansardar a couple of days ago. (Thanks for that).

Bu I already fixed my issue anothert way by using a kind macro language in the shortcode itself to avoid the auto formatting taking place at all. the macro is replaced by the correct html code at execution of the shortcode.

In which case it does not matter any longer if and when WordPress removes the wp_targeted_link_rel() function.

thank you

Last edited 4 weeks ago by neo2k23 (previous) (diff)

#14 @desrosj
4 weeks ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.