Add optional "noopener" and "noreferrer" attributes to links

Created on 9 September 2021, about 3 years ago

Updated 17 January 2023, almost 2 years ago

Problem/Motivation

For links that open in a new window (ie. target=_blank), to increase security against reverse tabnapping vulnerabilities, it is recommended to add "noopener" and "noreferrer" values to the link's "rel" attribute.

<a href="https://external-site.com" target="_blank" rel="noopener noreferrer">External link</a>

Steps to reproduce

Proposed resolution

Add checkboxes to the link field's "Manage display" configuration so that these can be toggled on or off by site administrators. Make them visible when "Open link in new window" checkbox is checked.

Open link in new window not checked

Open link in new window checked

Remaining tasks

Update screenshots in the Issue Summary
Patch review
Update patch to test with latest development version

User interface changes

API changes

Data model changes

Release notes snippet

✨ Feature request

Status

Needs work

Version

10.1 ✨

Component

Link →

Last updated about 4 hours ago

Maintained by
🇧🇷Brazil @Mac_Weber

Created by

🇪🇪Estonia mmatsoo

Live updates comments and jobs are added and updated live.

Security improvements
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Needs change record
A change record needs to be drafted before an issue is committed. Note: Change records used to be called change notifications.

Needs Review Queue Initiative
Used to track the progress of issues reviewed by the Drupal Needs Review Queue Initiative.

Needs usability review
Used to alert the usability topic maintainer(s) that an issue significantly affects (or has the potential to affect) the usability of Drupal, and their signoff is needed. When adding this tag, make it easy to review the issue. Make sure the issue summary describes the problem and the proposed solution. Screenshots usually help a lot! To get sign-off on issues with the "Needs usability review" tag, post about them in the #ux channel on Drupal Slack, and/or attend a UX meeting to demo the patch and get direct feedback from designers/UX folks/product management on next steps. If an issue represents a significant new feature, UI change, or change to the general "user experience" of Drupal, use Needs product manager review instead. See the scope of responsibilities for product managers.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

No activities found.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024