Add rel="noreferrer noopener" when setting 'open in new tab' option #6186
Labels
[Feature] Rich Text
Related to the Rich Text component that allows developers to render a contenteditable
[Type] Enhancement
A suggestion for improvement.
Milestone
Issue Overview
I noticed that the 'Open in a new tab' option has been (re-)added.
Glad to see its back, now the additional
rel="noreferrer noopener"
attribute should be added for security; https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/It is already part of WP Core; https://core.trac.wordpress.org/ticket/36809
Has also been mentioned in the big convo here; #4583 but is yet to be implemented.
Expected Behavior
Any link that uses the 'Open in a new window' option should automatically get the
rel="noreferrer noopener"
attribute added too.Current Behavior
No
rel
attribute is added/available.The text was updated successfully, but these errors were encountered: