-
Notifications
You must be signed in to change notification settings - Fork 199
Fix #571: Avoid redundant rel values in react-anchor-blank-noopener #574
Fix #571: Avoid redundant rel values in react-anchor-blank-noopener #574
Conversation
Hi @esuau, thanks for sending this! Per discussion in the linked issue, it's unclear which browsers support the better behavior of inferring proper tags. We'll want to have a rule option to toggle this behavior. I'll leave this PR open for a bit in case you have time to add that option in. If not, no worries! |
Sure, I'll try to work on this. |
…/esuau/tslint-microsoft-contrib into rule/react-anchor-blank-noopener
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like my huge PR for removing redundant comments merged in improperly to your PR branch. Sorry about that! I'll wait to review until the changes are clean again.
Hello. Merge was clean actually. I just did a rebase on your master branch. 😊 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks! 🎉
Problem
Fixes #571
The rule
react-anchor-blank-noopener
was designed to avoid security vulnerabilities by the use ofrel="noopener noreferrer"
in anchor tags containingtarget="_blank"
. It appears thatrel="noreferrer"
impliesrel="noopener"
.Solution
I removed the obligation to use both
noopener
andnoreferrer
whentarget="_blank"
is used, and only kept the rule to addrel="noreferrer"
.