linkit icon indicating copy to clipboard operation
linkit copied to clipboard
verified publisher icon fruitstudios

Add rel="noopener noreferrer" to target="_blank"

Open auralon opened this issue 8 years ago • 2 comments

rel="noopener noreferrer" should be added to links containing target="_blank" as a precaution against reverse tabnabbing. For more information, please refer to the following article: https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/

auralon avatar Mar 12 '18 15:03 auralon

+1 for this.

terryupton avatar Sep 03 '18 14:09 terryupton

@auralon I think this might be as simple as adding this in to the attributes like so; {% set attributes = { rel: "noopener noreferrer" } %}

{{ block.linkTo.htmlLink(attributes) }}

terryupton avatar Sep 03 '18 14:09 terryupton