✅ The extends: 'recommended'
property in a configuration file enables this rule.
When you want to link to an external page from your app, it is very common to use <a href="url" target="_blank"></a>
to make the browser open this link in a new tab.
However, this practice has performance problems and also opens a door to some security attacks because the opened page can redirect the opener app to a malicious clone to perform phishing on your users.
Adding rel="noopener noreferrer"
closes that door and avoids javascript in the opened tab to block the main
thread in the opener. Also note that Firefox versions prior 52 do not implement noopener
, so rel="noreferrer"
should be used instead (see Firefox issue).
This rule forbids the following:
This rule allows the following:
The following values are valid configuration:
- string --
strict
for enabled and validating both noopenerand
noreferrer - boolean
true
to maintain backwards compatibility with previous versions ofember-template-lint
that validate noopeneror
noreferrer
If you are supporting Firefox, you should use strict
.