Project

General

Profile

Actions

Bug #89044

closed

Links in the TYPO3 backend and install tool should have set rel="noopener noreferrer" for external links

Added by Frank Nägler about 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Install Tool
Target version:
-
Start date:
2019-08-29
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Some links in the backend and install tool with target _blank (external links) have no rel="noopener noreferrer" set, this should be changed.

See here why: https://developers.google.com/web/tools/lighthouse/audits/noopener

When you open another page using target="_blank", the other page may run on the same process as your page, unless Site Isolation is enabled. If the other page is running a lot of JavaScript, your page's performance may also suffer. See The Performance Benefits of rel=noopener.
The other page can access your window object with the window.opener property. This exposes an attack surface because the other page can potentially redirect your page to a malicious URL. See About rel=noopener.


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #89757: Fix noopener noreferrer issueClosedBenni Mack2019-11-23

Actions
Related to TYPO3 Core - Bug #89771: rel="noreferer" should be set for all new windows, not just _blankClosed2019-11-25

Actions
Actions

Also available in: Atom PDF