[#34434] - [4.0] add rel attribute in joomla.ini
- Fixed in Code Base
- 7 Jun 2021
- Medium
- Build: 4.0-dev
- # 34434
- Diff
- tecpromotion:patch-3
User tests: Successful: Unsuccessful:
Summary of Changes
this pull request adds the rel attribute to the target=_blank links
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Installation Language & Strings |
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/34434.
| Status | Pending | ⇒ | Ready to Commit |
| Labels |
Added:
?
?
|
||
RTC
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/34434.
Nothing wrong with this change but it's not really needed as I'm pretty sure we can trust our own sites. Iirc we haven't done this for other joomla org let nks
Thanks @brianteeman
Nothing wrong with this change but it's not really needed as I'm pretty sure we can trust our own sites. Iirc we haven't done this for other joomla org let nks
Sure we can trust the pages but we can also easily make sure that all windows that open in a new window get the rel attribute "noopener, noreferrer".
My reason for this pull request was:
If you are linked to an external website that could be affected by the malicious code, then that website can use the window.opener JavaScript property to steal digital information from your audience by running on the same process of your page.
So adding rel="noopener" or rel="noreferrer" to the link will prevent the new tab from taking advantage of the JavaScript window.opener feature.
I know the reasons. I did the first pr for this :)
I just think we can trust our own site
I know the reasons. I did the first pr for this :)
I just think we can trust our own site
Set a good example and we set all outgoing links with the rel attribute. Then it will be consistent and there will be no questions about why there and not there.
What do you think @brianteeman ?
I think its funny that you think you can trust joomla.org sites...
@StefanSTS In which case shouldnt you update this PR for all the other links to joomla.org?
And I just did a very quick look and see that there are real external links that dont have this when they absolutely should
If only there was some kind of security team that had code reviews as one of its goals.….
Sent from my iPhone
On 6 Jun 2021, at 15:32, Brian Teeman @.***> wrote:
@StefanSTS In which case shouldnt you update this PR for all the other links to joomla.org?And I just did a very quick look and see that there are real external links that dont have this when they absolutely should
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
rdeutz
- | Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-06-07 21:04:24 |
| Closed_By | ⇒ | rdeutz | |
| Labels |
Added:
?
|
||
I have tested this item✅ successfully on c9e452c
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/34434.