Clay: Add rel="noreferrer noopener" to ClayLink

Created on 3 Jun 2020  路  4Comments  路  Source: liferay/clay

When someone adds the target attribute we should add rel="noreferrer noopener"

3.x
Source
picture bryceosterhaus

All 4 comments

As I mentioned... this should be overridable, in case someone wants it for legit use cases.

For instance, noopener can break authentication schemes that may rely on being able to access window.opener. These are certainly slowly disappearing, but just to be safe.

jbalsas picture jbalsas on 4 Jun 2020
👍1

@jbalsas something like a unsafeTarget boolean prop, defaulted to false, that will ommit rel="noreferrer noopener" from the markup.

kresimir-coko picture kresimir-coko on 4 Jun 2020

I don't know... maybe just be careful with the implementation and make sure passing in a rel prop will override our default properly...

I don't need to be involved in the technical decision, up to you all ;)

jbalsas picture jbalsas on 4 Jun 2020
👍1

@kresimir-coko I think we could default the rel prop to be noreferrer noopener, but allow users to pass in whatever they want to override it.

Check out my PR for an idea

bryceosterhaus picture bryceosterhaus on 8 Jun 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

drakonux picture drakonux  路  3Comments
joseigor picture joseigor  路  5Comments
dgarciasarai picture dgarciasarai  路  3Comments
brunofarache picture brunofarache  路  5Comments
dgarciasarai picture dgarciasarai  路  4Comments