Refactor HTML.Noopener to HTML.TargetNoopener so that it behaves like HTML.TargetNoreferrer and is active by default if a target is set

2025-08-08 23:26:39 +02:00 · 2017-01-13 17:21:24 +01:00
parent c82051c3e1
commit 8e4cacf0a7
17 changed files with 154 additions and 129 deletions
--- a/6
+++ b/6
@@ -19,7 +19,11 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Deleted some asserts to avoid linters from choking (#97)
 - Rework Serializer cache behavior to avoid chmod'ing if possible (#32)
 - Embedded semicolons in strings in CSS are now handled correctly!
-! Added %HTML.Noopener to add rel="noopener" to external links.
+# By default, when a link has a target attribute associated
+  with it, we now also add rel="noopener" in order to
+  prevent the new window from being able to overwrite
+  the original frame.  To disable this protection,
+  set %HTML.TargetNoopener to FALSE.

 4.8.0, released 2016-07-16
 # By default, when a link has a target attribute associated