Task #89347

Updated by Oliver Hader 15 days ago

Issue #78488 introduced norefferer & noopener per default for external links, see
https://review.typo3.org/c/Packages/TYPO3.CMS/+/59194

However there are scenarios where this has to be seen in context and scope of the website project:

h2. General

* @noopener@ only has an effect of "opened" window contexts (e.g. @target="_blank"@)
* @noreferrer@ might contradict tracking & analyzation on websites
** e.g. "which site is has similar information" - good use of referrer in a scope similar to "LOD"
*** @Referrer: https://typo3-website.org/resources/car-engines/abc@ when opening @https://remote-vendor.com/cars/xyz@
** e.g. "which site has similar problems" - bad use of referrer, when e.g. sensitive areas point public resources
*** @Referrer: https://typo3-website.org/user-restricted-internal/product-abc-sucks@ pointing to @https://remote-vendor.com/prodct-abc@

h2. Suggestion

* make settings configurable
** TypoScript @typolink@
** Site Configuration anchor behavior
* default settings (when not having TypoScript or Site Configuration loaded - e.g. CLI context) should be strict @noopener noreferrer@ (current scenario)

h2. Side-note

There is a difference between TYPO3 backend and frontend as well. Basically
* strict default for backend should be @noopener noreferrer@
* individual behavior for frontend as outlined in previous sections

Back