Bug #89044
closed
Links in the TYPO3 backend and install tool should have set rel="noopener noreferrer" for external links
100%
Description
Some links in the backend and install tool with target _blank (external links) have no rel="noopener noreferrer" set, this should be changed.
See here why: https://developers.google.com/web/tools/lighthouse/audits/noopener
When you open another page using target="_blank", the other page may run on the same process as your page, unless Site Isolation is enabled. If the other page is running a lot of JavaScript, your page's performance may also suffer. See The Performance Benefits of rel=noopener.
The other page can access your window object with the window.opener property. This exposes an attack surface because the other page can potentially redirect your page to a malicious URL. See About rel=noopener.
Updated by Gerrit Code Review about 5 years ago
- Status changed from In Progress to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61577
Updated by
Updated by Gerrit Code Review about 5 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61577
Updated by Gerrit Code Review about 5 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61594
Updated by Frank Nägler about 5 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 980996b49cb936e413c5767de779718d8ed47290.
Updated by Gerrit Code Review about 5 years ago
- Status changed from Resolved to Under Review
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61594
Updated by Gerrit Code Review about 5 years ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61579
Updated by Gerrit Code Review about 5 years ago
Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61579
Updated by Frank Nägler about 5 years ago
- Status changed from Under Review to Resolved
Applied in changeset 0a0f753a20e2badd0adf062bc6f1f7ccea3d2b7f.
Updated by Daniel Goerz almost 5 years ago
- Related to Bug #89757: Fix noopener noreferrer issue added
Updated by Jonas Eberle almost 5 years ago
- Related to Bug #89771: rel="noreferer" should be set for all new windows, not just _blank added
Updated by Benni Mack almost 5 years ago
- Status changed from Resolved to Closed