Add rel="noopener noreferrer" to a link #12861

Merged
merged 3 commits into from May 14, 2018

nico3333fr
Contributor

Hi there,

First, thanks for Matomo. I use it on several websites, really happy with it. 👍

While running Detectify on one of my websites, it found that piwik/piwik.php is giving this text:
"This resource is part of Matomo. Keep full control of your data with the leading free and open source digital analytics platform for web and mobile."
with a link to Matomo using target="_blank".

And it advised me to add rel="noopener noreferrer" to this link, which is indeed a good security practice, see https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c for example.

I've modified all the files where I found it, hope this will be enough.

Cheers,
Nicolas
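
Added example (not part of the PR or of Matomo's code): a standard-library Python audit that lists `target="_blank"` links lacking a `rel` token that severs `window.opener`, run on the before and after strings from the test output in this thread plus one constructed sample. The names `BlankTargetAudit` and `audit` are illustrative.

```python
from html.parser import HTMLParser

# Elements checked here (assumption: anchors and image-map areas only).
LINK_TAGS = {"a", "area"}


class BlankTargetAudit(HTMLParser):
    """Collects links that open a new browsing context but keep window.opener."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, column, tag, href)

    def handle_starttag(self, tag, attrs):
        if tag not in LINK_TAGS:
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lower-cased
        # The _blank keyword is matched case-insensitively by browsers.
        if a.get("target", "").strip().lower() != "_blank":
            return
        # rel is a space-separated, case-insensitive token list.
        rel = set(a.get("rel", "").lower().split())
        # noreferrer implies noopener, so either token is accepted.
        if not rel & {"noopener", "noreferrer"}:
            line, col = self.getpos()
            self.findings.append((line, col, tag, a.get("href", "")))


def audit(html):
    """Return every target=_blank link in `html` that lacks noopener/noreferrer."""
    parser = BlankTargetAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# The link as it appears in the failing-test output, before and after the change.
BEFORE = "open source <a href='https://matomo.org' target='_blank'>digital analytics platform</a>"
AFTER = ("open source <a href='https://matomo.org' target='_blank' "
         "rel='noopener noreferrer'>digital analytics platform</a>")
# Constructed sample: upper-case attributes, an unrelated rel token, a safe link.
CONSTRUCTED = ('<p>ok</p>\n'
               '<A HREF="https://example.org/" TARGET="_BLANK" REL="nofollow">x</A>\n'
               '<a href="/local" target="_blank" rel="NoOpener">y</a>')

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("constructed", CONSTRUCTED)):
        print(name, audit(sample))
```
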

@Findus23
Member

Findus23 commented May 8, 2018

Thanks @nico3333fr and congratulations on the first PR 🎉

Using noreferrer is definitely a good idea.

@c960657 is currently going through all external links in #12780 so this is related.

@mattab
Member

mattab commented May 8, 2018

Thanks for the PR! FYI there are 2 tests failing

1) Piwik\Tests\Unit\Tracker\ResponseTest::test_outputResponse_shouldOutputPiwikMessage_InCaseNothingWasTracked
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'This resource is part of Matomo. Keep full control of your data with the leading free and open source <a href='https://matomo.org' target='_blank'>digital analytics platform</a> for web and mobile.'
+'This resource is part of Matomo. Keep full control of your data with the leading free and open source <a href='https://matomo.org' target='_blank' rel='noopener noreferrer'>digital analytics platform</a> for web and mobile.'

3) Piwik\Tests\Integration\TrackerTest::test_main_shouldReturnEmptyPiwikResponse_IfNoRequestsAreGiven
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'This resource is part of Matomo. Keep full control of your data with the leading free and open source <a href='https://matomo.org' target='_blank'>digital analytics platform</a> for web and mobile.'
+'This resource is part of Matomo. Keep full control of your data with the leading free and open source <a href='https://matomo.org' target='_blank' rel='noopener noreferrer'>digital analytics platform</a> for web and mobile.'
/home/travis/build/matomo-org/matomo/tests/PHPUnit/Integration/TrackerTest.php:255

(There are actually more tests failing but they are unrelated to this PR, we'll need to fix them as soon as doable cc @sgiehl @diosmosis )

@sgiehl sgiehl merged commit 1f21ebc into matomo-org:3.x-dev May 14, 2018
InfinityVoid pushed a commit to InfinityVoid/matomo that referenced this pull request Oct 11, 2018
* Add rel="noopener noreferrer" to target="_blank" a

Best practice for links using target="_blank". See https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c for details.

* update test

* update test