Links to cross-origin destinations are unsafe [#3224695]

Problem/Motivation

The projects/modules have a few of links that open in a new window.

Form:
https://web.dev/external-anchors-use-rel-noopener/

When you link to a page on another site using the target="_blank" attribute, you can expose your site to performance and security issues:

The other page may run on the same process as your page. If the other page is running a lot of JavaScript, your page's performance may suffer.
The other page can access your window object with the window.opener property. This may allow the other page to redirect your page to a malicious URL.

Adding rel="noopener" or rel="noreferrer" to your target="_blank" links avoids these issues.

Steps to reproduce

Visit the browser page.

Proposed resolution

Add rel="noopener" or rel="noreferrer" to your target="_blank" links

Remaining tasks

TBD

User interface changes

TBD

API changes

TBD

Data model changes

TBD

Comments

Comment #1

21 July 2021 at 14:29

thejimbirch created an issue. See original summary.

Comment #2

28 July 2021 at 15:08

grasmash committed 5d059f7 on 1.0.x

Issue #3224695: Links to cross-origin destinations are unsafe

Comment #3

grasmash CreditAttribution: grasmash commented 28 July 2021 at 15:10

Status:

Active

» Fixed

Comment #4

11 August 2021 at 15:14

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Comment #5

grasmash CreditAttribution: grasmash at Acquia commented 13 September 2021 at 13:51

Links to cross-origin destinations are unsafe

Problem/Motivation

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

Comments

Comment #1

Comment #2

Comment #3

Comment #4

Comment #5

Thank you to these Drupal contributors

News items

Our community

Documentation

Drupal code base

Governance of community