Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(create-vite): add rel="noreferrer" to links with target="_blank" #13750

Closed
wants to merge 1 commit into from

Conversation

ArnaudBarre
Copy link
Member

Same as #10675 but for other templates

@stackblitz
Copy link

stackblitz bot commented Jul 8, 2023

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@bluwy
Copy link
Member

bluwy commented Jul 10, 2023

I don't think we need this for all templates? It's specifically added for Svelte as older browsers had the referrer/opener risk, but Vite being a framework that supports browsers that doesn't have this risk anymore, I think we can omit it.

@ArnaudBarre
Copy link
Member Author

Oh I didn't know this was fixed, I'll check the versions on if this is long enough for all browsers I will close this

@ArnaudBarre
Copy link
Member Author

So yeah the change landed Chrome 88, Firefox 79 and Safari end of 2018, which is almost the default target of Vite. Lean something. Let's close this

@ArnaudBarre ArnaudBarre deleted the rel-noreferrer branch July 10, 2023 23:14
@Primajin
Copy link

Primajin commented Jan 6, 2024

Hmm I was about to propose the exact same change, since when you initially set up vite and run lint it will already error on an out of the box project.

mypath\src\App.jsx
  12:9  error  Using target="_blank" without rel="noreferrer" (which implies rel="noopener") is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations  react/jsx-no-target-blank
  15:9  error  Using target="_blank" without rel="noreferrer" (which implies rel="noopener") is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations  react/jsx-no-target-blank

✖ 2 problems (2 errors, 0 warnings)
  2 errors and 0 warnings potentially fixable with the `--fix` option.

I think a project of this magnitude should be clean out of the box with no (lint) errors 🙏🏻

@ArnaudBarre
Copy link
Member Author

@Primajin Thanks for pointing it out (I never use the JS template 🙈), I've addressed it the linked PR

@rodrigc
Copy link

rodrigc commented Sep 7, 2024

@ArnaudBarre What do you think about this: #16612 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants