Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Unsafe use of target blank
philwareham wrote #323037:
Erm, why are we doing this exactly? These links don’t target a new window/tab as far as I remember so adding that to the
relattribute is not going to do anything.
My bad. I’ll revert it. I thought it would help if people chose to open the link in a new tab.
Edit: Oh, you’ve done it. Thanks!
Last edited by Bloke (2020-05-19 09:28:01)
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Hire Txp Builders – finely-crafted code, design and Txp
Offline
Re: Unsafe use of target blank
Bloke wrote #323039:
My bad. I’ll revert it.
I’ve done a partial revert today – no worries. Cheers Stef.
Offline
Re: Unsafe use of target blank
Bloke wrote #323039:
I thought it would help if people chose to open the link in a new tab.
If a user manually opens a link in a new tab via a right-click context menu option, that is automatically ring-fenced by the browser against the aforementioned security risk I believe.
Offline
Re: Unsafe use of target blank
philwareham wrote #323042:
If a user manually opens a link in a new tab via a right-click context menu option, that is automatically ring-fenced by the browser against the aforementioned security risk I believe.
Good to know, thanks!
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Hire Txp Builders – finely-crafted code, design and Txp
Offline
Re: Unsafe use of target blank
philwareham wrote #323037:
noopeneris only needed whentarget="_blank"is used, to mitigate tab-jacking. And we already do that anywhere it is in core.
You may want to add a noopener to the link-to-textpattern-site in the footer of every page of the admin side. Oh, and on the Write tab, the ”view” link is also target=_blank (to give it the same treatment as that the link-to-site in the <header />).
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: Unsafe use of target blank
Maybe, but I felt Textpattern.com won’t ever try to tab-jack and if you tab-jack yourself from your own site… well!
Offline
Re: Unsafe use of target blank
philwareham wrote #323045:
Maybe, but I felt Textpattern.com won’t ever try to tab-jack and if you tab-jack yourself from your own site… well!
Hmm… Site name. Consistency… Agree about tab-jacking one-self being a little funny.
As for Textpattern site. Who knows…
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: Unsafe use of target blank
OK, I have added noopener everywhere a new window is called now – a bit overkill but it can’t hurt.
Offline
Re: Unsafe use of target blank
phiw13 wrote #322851:
That short article mentions
rel="noopener"to mitigate the issue. I think that it is now the default on at least Safari (and Firefox ?), see Mathias‘ note.
Starting with Firefox 79, rel=noopener is implicit with target=_blank links, basically mimicking the behaviour implemented by Safari many moons ago. See the release note.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
phiw13 on Codeberg
Offline
Re: Unsafe use of target blank
phiw13 wrote #324962:
Starting with Firefox 79,
rel=noopeneris implicit withtarget=_blanklinks, basically mimicking the behaviour implemented by Safari many moons ago. See the release note.
This is indeed good news!
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Offline