From: Tim Düsterhus Date: Wed, 8 Jun 2022 13:44:49 +0000 (+0200) Subject: Stop adding `rel="noreferrer"` to external URLs X-Git-Tag: 6.0.0_Alpha_1~1195^2 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e3e4503619d673d4287e173082b547b9207c0f3d;p=GitHub%2FWoltLab%2FWCF.git Stop adding `rel="noreferrer"` to external URLs This property was added together with `noopener` to protect users with older web browsers that do not yet support `noopener`. The latter now is well-supported since several years and in fact even is the default value in modern web browsers. This allows us to drop the `noreferrer` from those links safely. Stripping the `referer` header can be more reliably achieved with the `referrer-policy` header that also gives the administrator more fine-grained control. --- diff --git a/wcfsetup/install/files/acp/templates/header.tpl b/wcfsetup/install/files/acp/templates/header.tpl index 1b77185232..228b61f7b5 100644 --- a/wcfsetup/install/files/acp/templates/header.tpl +++ b/wcfsetup/install/files/acp/templates/header.tpl @@ -211,7 +211,6 @@ if (link.classList.contains('externalURL')) { var rel = (link.rel === '') ? [] : link.rel.split(' '); if (rel.indexOf('noopener') === -1) rel.push('noopener'); - if (rel.indexOf('noreferrer') === -1) rel.push('noreferrer'); link.rel = rel.join(' '); } diff --git a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeA.class.php b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeA.class.php index 60e185242d..501724c7be 100644 --- a/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeA.class.php +++ b/wcfsetup/install/files/lib/system/html/output/node/HtmlOutputNodeA.class.php @@ -77,7 +77,7 @@ class HtmlOutputNodeA extends AbstractHtmlOutputNode $rel = 'nofollow'; if (EXTERNAL_LINK_TARGET_BLANK) { - $rel .= ' noopener noreferrer'; + $rel .= ' noopener'; $element->setAttribute('target', '_blank'); } diff --git a/wcfsetup/install/files/lib/system/template/plugin/AnchorAttributesFunctionTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/AnchorAttributesFunctionTemplatePlugin.class.php index 757fbcc5d8..745bf92549 100644 --- a/wcfsetup/install/files/lib/system/template/plugin/AnchorAttributesFunctionTemplatePlugin.class.php +++ b/wcfsetup/install/files/lib/system/template/plugin/AnchorAttributesFunctionTemplatePlugin.class.php @@ -59,7 +59,7 @@ class AnchorAttributesFunctionTemplatePlugin implements IFunctionTemplatePlugin $rel = 'nofollow'; if (EXTERNAL_LINK_TARGET_BLANK) { - $rel .= ' noopener noreferrer'; + $rel .= ' noopener'; $attributes .= ' target="_blank"'; } if ($isUgc) { diff --git a/wcfsetup/install/files/lib/util/StringUtil.class.php b/wcfsetup/install/files/lib/util/StringUtil.class.php index d3fb521faf..377912bb98 100644 --- a/wcfsetup/install/files/lib/util/StringUtil.class.php +++ b/wcfsetup/install/files/lib/util/StringUtil.class.php @@ -763,7 +763,7 @@ final class StringUtil $attributes .= ' class="externalURL"'; $rel = 'nofollow'; if (EXTERNAL_LINK_TARGET_BLANK) { - $rel .= ' noopener noreferrer'; + $rel .= ' noopener'; $attributes .= 'target="_blank"'; } if ($isUgc) {