target=”_blank” vulnerability?

  • Resolved treeliao

    (@treeliao)


    7 years, 6 months ago

    Hello,

    I have been using the beaver builder and it is awesome. I noticed that when adding a link to go with an image (open in a new window), target=”_blank” is added but without rel=”noopener”.

    Considering that target=”_blank” is a rather subtle and widespread vulnerability and it is possible to be exploited, is there any way for us plugin users to manually add nonpener, or any consideration for updating this through beaver builder in the future?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Simon Prosser

    (@pross)

    Thankyou, this will be address in a future version.

    I see this was changed, can it be made optional? it’s widely reported that this breaks referral links from working.

    https://www.bforblogging.com/how-to-remove-rel-noopener-noreferrer-from-wordpress/

    This might be losing people a lot of commissions, I had wondered why my commissions have been down over the past few months and this may be a cause as my clicks are down by traffic and rankings up.

    I see this was changed, can it be made optional? it’s widely reported that this breaks referral links from working.

    https://www.bforblogging.com/how-to-remove-rel-noopener-noreferrer-from-wordpress/

    This might be losing people a lot of commissions, I had wondered why my commissions have been down over the past few months and this may be a cause as my clicks are down by traffic and rankings up.

    Is this still the case or am I late to the party?

    Plugin Author Simon Prosser

    (@pross)

    Using target _blank without noopener is a well known, well documented security issue.

    If it’s breaking an affiliate link, chances are the affiliate program needs to fix something on their end.

    Your linked article seems to stress that its noreferrer that causes the issues, we only add noopener just like WP Core does for _blank links.

    We can’t add it as an option because we’d be leaving sites open to a well known vulnerability.

    If you absolutely must remove noopener from your _blank links then one easy way would be to use a jquery snippet to change the rel on all your links.

    Hi Simon,

    Thanks for properly explaining this issue to me. I think I understand better now and think the best and safest course of action is to contact each affiliate vendor I work with and perform some tests to ensure there are no issues as I appreciate safety is paramount as we continue to evolve the web!

    Happy new year!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘target=”_blank” vulnerability?’ is closed to new replies.