Bug #95051

Updated by Martin Tepper about 3 years ago

 

 Hello, 

 I noticed that links between configured sites with different domains in the same TYPO3 system do not have the rel="noreferrer" attribute. The target="_blank" is set. 

 I came to this because Lighthouse gave me the hint "Links to cross-origin destinations are unsafe". 

 My domains are completely different like: www.abc.com & www.yxz.net. 

 On further analysis I came to the addSecurityRelValues() and isInternalUrl() methods in typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php. 
 If I read it correctly: if the domain is found in the site configurations, it is marked as an "internal" domain (isInternalUrl()). 

 This was implemented by https://forge.typo3.org/issues/78488. 

 I think this is correct in few cases but not in most. 
 I'm not sure, but maybe a check of the root domain of the source domain and the target domain is required here, to see if they are equal. 
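
The difference the report describes, as an added example that is not TYPO3's code and not part of the original report: one check treats every configured site host as internal, the other only the host of the page rendering the link. All function names and sample URLs are hypothetical or constructed, and a plain host comparison stands in for the suggested root-domain comparison, which would need a public suffix list.

```php
<?php
declare(strict_types=1);

// Constructed sample data: hosts of two sites configured in one installation.
$siteHosts = ['www.abc.com', 'www.yxz.net'];

// Hypothetical stand-in for the behaviour the report describes:
// a URL is "internal" when its host belongs to any configured site.
function isInternalByConfiguredSite(string $url, array $siteHosts): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if ($host === null) {
        return true;   // relative URL: stays on the current host
    }
    if ($host === false) {
        return false;  // unparsable URL: treat as external
    }
    return in_array(strtolower($host), $siteHosts, true);
}

// Hypothetical stricter check: internal only when the link host equals
// the host of the page that renders the link.
function isInternalBySameHost(string $url, string $pageUrl): bool
{
    $host = parse_url($url, PHP_URL_HOST);
    if ($host === null) {
        return true;
    }
    if ($host === false) {
        return false;
    }
    return strtolower($host) === strtolower((string)parse_url($pageUrl, PHP_URL_HOST));
}

// rel value for a link: only external links opened in a new window get "noreferrer".
function relFor(string $target, bool $internal): string
{
    return ($target === '_blank' && !$internal) ? 'noreferrer' : '(none)';
}

// Constructed page and links; the second link points at the other configured site.
$pageUrl = 'https://www.abc.com/products';
$links = ['/contact', 'https://www.yxz.net/shop', 'https://example.org/'];

foreach ($links as $url) {
    printf("%-26s configured-site: %-11s same-host: %s\n", $url,
        relFor('_blank', isInternalByConfiguredSite($url, $siteHosts)),
        relFor('_blank', isInternalBySameHost($url, $pageUrl)));
}
```

The link to www.yxz.net is the case from the report: the configured-site check leaves it without rel="noreferrer", while the same-host check adds it.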
