Bug #95051
Updated by Martin Tepper about 3 years ago
Hello, i noticed that links between configured sites with different domains in the same TYPO3 system have not the rel="noreferrer" attribute. The target="_blank" is set. I came to this because Lighthouse gave me the hint "Links to cross-origin destinations are unsafe". My domains are completely different: www.abc.com & www.yxz.net. By further analyse i came to the addSecurityRelValues() and isInternalUrl() method in typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php. When i read correct: if the domain was found in the site configurations it's marked as "internal" domain (isInternalUrl()). This was implemented by https://forge.typo3.org/issues/78488. I think this is correct in few cases but not in the most. I'm not sure by maybe a check to the root domain is required here if they are equal.