Add %HTML.TargetNoreferrer, which adds rel="noreferrer" when target attribute is set

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
2025-08-25 15:01:26 +02:00 · 2016-06-30 21:42:40 -04:00
parent cc35c8eb8c
commit 1675fc7caf
12 changed files with 130 additions and 2 deletions
--- a/5
+++ b/5
@@ -10,6 +10,11 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 ==========================

 4.8.0, unknown release date
+# By default, when a link has a target attribute associated
+  with it, we now also add rel="noreferrer" in order to
+  prevent the new window from being able to overwrite
+  the original frame.  To disable this protection,
+  set %HTML.TargetNoreferrer to FALSE.
 ! Full PHP 7 compatibility, the test suite is ALL GO.
 ! %CSS.AllowDuplicates permits duplicate CSS properties.
 ! Support for 'tel' URIs.