Task #89347

Updated by Oliver Hader about 5 years ago

Issue #78488 introduced noreferrer & noopener by default for external links, see 
 https://review.typo3.org/c/Packages/TYPO3.CMS/+/59194 

 However there are scenarios where this has to be seen in context and scope of the website project: 

 h2. General 

 * @noopener@ only has an effect on "opened" window contexts (e.g. @target="_blank"@) 
 * @noreferrer@ might contradict tracking & analysis on websites 
 ** e.g. "which site has similar information" - good use of referrer in a scope similar to "LOD" 
 *** @Referrer: https://typo3-website.org/resources/car-engines/abc@ when opening @https://remote-vendor.com/cars/xyz@ 
 ** e.g. "which site has similar problems" - bad use of referrer, when e.g. sensitive areas point to public resources 
 *** @Referrer: https://typo3-website.org/user-restricted-internal/product-abc-sucks@ pointing to @https://remote-vendor.com/prodct-abc@ 

 h2. Suggestion 

 * make settings configurable 
 ** TypoScript @typolink@ 
 ** Site Configuration anchor behavior 
 * default settings (when not having TypoScript or Site Configuration loaded - e.g. CLI context) should be strict @noopener noreferrer@ (current scenario) 

 h2. Side-note 

 There is a difference between TYPO3 backend and frontend as well. Basically: 
 * strict default for backend should be @noopener noreferrer@ 
 * individual behavior for frontend as outlined in previous sections 
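
The following sketch is an added example, not TYPO3 code and not part of the original issue. It shows one way the policy outlined above could be resolved for a single link. The names @resolveRel@, @isExternal@, @STRICT@ and the @context@ / @policy@ fields are hypothetical.

```javascript
// Added example: hypothetical resolver for the rel attribute of a link.
// None of these names exist in TYPO3; they only illustrate the policy.
const STRICT = Object.freeze({ noopener: true, noreferrer: true });

function isExternal(href, siteBase) {
  try {
    // Resolve relative links against the site base, then compare origins.
    const url = new URL(href, siteBase);
    // Only http(s) navigations are in scope for this sketch.
    if (!/^https?:$/.test(url.protocol)) return false;
    return url.origin !== new URL(siteBase).origin;
  } catch {
    return true; // unparsable target: fail closed and treat as external
  }
}

function resolveRel({ href, target = '', siteBase, context = 'cli', policy = null }) {
  if (!isExternal(href, siteBase)) return '';

  // Backend, CLI and any context without loaded configuration stay strict.
  // Only the frontend may relax the defaults through its own policy.
  const effective =
    context === 'frontend' && policy ? { ...STRICT, ...policy } : STRICT;

  // noopener only matters when the link opens a new browsing context.
  const opensNewContext =
    target !== '' && !['_self', '_parent', '_top'].includes(target.toLowerCase());

  const tokens = [];
  if (effective.noopener && opensNewContext) tokens.push('noopener');
  if (effective.noreferrer) tokens.push('noreferrer');
  return tokens.join(' ');
}
```

A frontend policy of @{ noreferrer: false }@ keeps the referrer for links such as the car-engines example, while a restricted area would pass no relaxation and keep the strict default.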
