
How to add rel="noopener noreferrer" in every external anchor tag with target=_blank?

Posted by KillerBee 
How to add rel="noopener noreferrer" in every external anchor tag with target=_blank?
November 23, 2016 06:38AM

Here is the reason: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

Every external outgoing URI with target=_blank should have rel="noopener noreferrer" and, optionally, "nofollow" for better SEO.

http://htmlpurifier.org/live/configdoc/plain.html#HTML.Nofollow

I see that in version 4.8.0 this is partly included, good job!

http://htmlpurifier.org/live/configdoc/plain.html#HTML.TargetNoreferrer

But noopener is still missing here:

$rels[] = 'noreferrer';

should be:

$rels[] = 'noopener'; $rels[] = 'noreferrer';

or not? :)

Re: How to add rel="noopener noreferrer" in every external anchor tag with target=_blank?
November 23, 2016 10:52AM

That's probably a good idea we should add, conditional on target="_blank" being set.

Maybe there is a problem when the link is an affiliate link, like the Amazon partner program? I found no information on this, but can "noreferrer" in an Amazon link make this link invalid?

Re: How to add rel="noopener noreferrer" in every external anchor tag with target=_blank?
November 23, 2016 02:54PM

Well, you don't have to turn on this feature if you want Amazon referrer links to work!

The rel="noopener noreferrer" tag should not be removed to protect your online security. The target="_blank" tag is behind those risks which are curbed by the rel="noopener noreferrer" tag. To get insight into the issue, read the latest article on the blog of the TemplateToaster site, where the doubts surrounding the rel="noopener noreferrer" tag have been clearly explained.

Edited 1 time(s). Last edit at 05/01/2017 05:51AM by deepak.singla.
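The rel handling discussed in this thread, as an added example that is not HTML Purifier's code or any poster's: a standalone pass over already-sanitized markup using PHP's DOM extension. It goes beyond the question by covering every target="_blank" link rather than only external ones, so nothing depends on classifying the href. The function name `harden_blank_targets` and the `$keepReferrer` flag are hypothetical, and the sample markup is constructed.

```php
<?php
// Added example; not HTML Purifier code. harden_blank_targets() and its
// $keepReferrer flag are hypothetical names, and the sample markup is constructed.

function harden_blank_targets(string $html, bool $keepReferrer = false): string
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate sloppy user markup
    // Wrapper div lets us serialize just the fragment; the XML prolog forces UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    // noopener nulls window.opener in the new tab; noreferrer also drops the
    // Referer header, which is the part the affiliate-link question is about.
    $required = $keepReferrer ? ['noopener'] : ['noopener', 'noreferrer'];

    foreach ($doc->getElementsByTagName('a') as $a) {
        // The target keyword is matched case-insensitively by browsers.
        if (strtolower(trim($a->getAttribute('target'))) !== '_blank') {
            continue;
        }
        // Keep tokens already present (e.g. nofollow) and append missing ones.
        $rels = preg_split('/\s+/', strtolower($a->getAttribute('rel')), -1, PREG_SPLIT_NO_EMPTY);
        foreach ($required as $token) {
            if (!in_array($token, $rels, true)) {
                $rels[] = $token;
            }
        }
        $a->setAttribute('rel', implode(' ', $rels));
    }

    $out = '';
    $wrapper = $doc->getElementsByTagName('div')->item(0);
    foreach ($wrapper->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input.
$sample = '<a href="https://other.example/" target="_blank" rel="nofollow">out</a> '
        . '<a href="/local">same tab</a>';
echo harden_blank_targets($sample), "\n";
```

Passing `true` for `$keepReferrer` adds only `noopener`, which still severs `window.opener` while leaving the Referer header in place.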
