if you're going to change it then you also need to add the noreferrer stuff

I have tested this item ✅ successfully on f0adaa8

I have tested this item ✅ successfully on f0adaa8

Oops, missing here: noopener noreferrer

<a href="https://en.wikipedia.org/wiki/Google_Authenticator" target="_blank">Google Authenticator</a>

Oops, missing here: noopener noreferrer

<a href="https://en.wikipedia.org/wiki/Google_Authenticator" target="_blank">Google Authenticator</a>

out of scope for this PR.
Language string for this post-install message comes from plg_system_httpheaders.ini

out of scope for this PR.

I agree.

I see that this problem also occurs with the external links under the help function.

And already contains noopener noreferrer

I agree, apparently something went wrong for me when I upgraded to J 4.0.0-rc3 !?

I agree, apparently something went wrong for me when I upgraded to J 4.0.0-rc3 !?

@sandewt So is your successful test still valid or not?

I have tested this item ✅ successfully on f0adaa8

RTC

@hans2103 / @richard67

It concerns the plg_twofactorauth_totp.ini and NOT the plg_system_httpheaders.ini

See: missing noopener noreferrer

out of scope for this PR.

So I think, this is not out of the scope

@sandewt So is your successful test still valid or not?

NO

See: missing noopener noreferrer

joomla-cms/administrator/language/en-GB/plg_twofactorauth_totp.ini

Line 11 in 4730efc

PLG_TWOFACTORAUTH_TOTP_POSTINSTALL_BODY="<p>Joomla! comes with a built-in two factor authentication system. It secures your site login with a secondary secret code that's changing every 30 seconds. You can use your mobile device and the <a href=\"https://en.wikipedia.org/wiki/Google_Authenticator\" target=\"_blank\">Google Authenticator</a> app to produce that code.</p><p>By selecting the button below:</p><ul><li>Joomla! will enable the two factor authentication plugins</li><li>Two Factor Authentication is going to be available for all users.</li><li>Each user can configure Two Factor Authentication in User Details.</li><li>You can always disable Two Factor Authentication plugin, or configure it for Backend usage only.</li><li>You will be taken to your user profile page where you can find more information on two factor authentication and enable it for your user account.</li></ul>"

out of scope for this PR.

So I think, this is not out of the scope

@sandewt So is your successful test still valid or not?

NO

@Quy Should we fix this in staging or here?

Created a PR in this PR
Because discussing about it takes more time than fixing it.
Quy#3

Because discussing about it takes more time than fixing it.

?

Well I had noticed that but I thought the reason why it has not been made in this PR was because it should be fixed in staging.

With the language string freeze tomorrow it will need to happen here

#24337 discusses this issue globally for J4.

@HLeithner will have to decide if for J3.

I have tested this item ✅ successfully on 96cb627

@hans2103 Could you test again? Thanks in advance.

I have tested this item ✅ successfully on 96cb627

2 good tests, so RTC is valid again.

Merging

#24337 discusses this issue globally for J4.

@HLeithner will have to decide if for J3.

+1

See: missing noopener noreferrer (occurs twice)

<a href=\"https://freeotp.github.io/\" target=\"_blank\">FreeOTP</a>

https://github.com/Quy/joomla-cms/blob/96cb627464c0f415b42c8fd4187451c45122062e/administrator/language/en-GB/plg_twofactorauth_totp.ini#L24

@Quy

[EDIT]

@sandewt This PR fixed only external links in the Post Installation Messages page. There are other instances like the ones you mentioned to be fixed in a separate PR to address #24337.

@Quy , thanks for your explanation.