Project

General

Profile

Actions
Copy link

Bug #89044

closed

Links in the TYPO3 backend and install tool should have set rel="noopener noreferrer" for external links

Added by Frank Nägler over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Frank Nägler
Category:
Install Tool
Target version:
-
Start date:
2019-08-29
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Some links in the backend and install tool with target _blank (external links) have no rel="noopener noreferrer" set, this should be changed.

See here why: https://developers.google.com/web/tools/lighthouse/audits/noopener

When you open another page using target="_blank", the other page may run on the same process as your page, unless Site Isolation is enabled. If the other page is running a lot of JavaScript, your page's performance may also suffer. See The Performance Benefits of rel=noopener.
The other page can access your window object with the window.opener property. This exposes an attack surface because the other page can potentially redirect your page to a malicious URL. See About rel=noopener.

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #89757: Fix noopener noreferrer issueClosedBenni Mack2019-11-23

Actions
Related to TYPO3 Core - Bug #89771: rel="noreferer" should be set for all new windows, not just _blankClosed2019-11-25

Actions
Actions
Copy link
 #1

Updated by Gerrit Code Review over 4 years ago

  • Status changed from In Progress to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61577

Actions
Copy link
 #2

Updated by Mathias Brodala over 4 years ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61577

Actions
Copy link
 #4

Updated by Gerrit Code Review over 4 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61594

Actions
Copy link
 #5

Updated by Frank Nägler over 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #6

Updated by Gerrit Code Review over 4 years ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61594

Actions
Copy link
 #7

Updated by Gerrit Code Review over 4 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61579

Actions
Copy link
 #8

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61579

Actions
Copy link
 #9

Updated by Frank Nägler over 4 years ago

  • Status changed from Under Review to Resolved
Actions
Copy link
 #10

Updated by Daniel Goerz over 4 years ago

  • Related to Bug #89757: Fix noopener noreferrer issue added
Actions
Copy link
 #11

Updated by Jonas Eberle over 4 years ago

  • Related to Bug #89771: rel="noreferer" should be set for all new windows, not just _blank added
Actions
Copy link
 #12

Updated by Benni Mack over 4 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF