This repository was archived by the owner on Feb 6, 2024. It is now read-only.
This repository was archived by the owner on Feb 6, 2024. It is now read-only.
studio: add rel to outgoing links for security reasons #815
Description
Affected part of DeckDeckGo
- Studio
- Remote control
- Documentation
- Demo
- Starter kit
- Poll
- Web Components
- Templates
Feature Description
Links to cross-origin destinations are unsafe
When you link to a page on another site using the target="_blank" attribute, you can expose your site to performance and security issues:
- The other page may run on the same process as your page. If the other page is running a lot of JavaScript, your page's performance may suffer.
- The other page can access your window object with the window.opener property. This may allow the other page to redirect your page to a malicious URL.
Read further in web.dev documentation
To add this to your outgoing URLs, it will help the security of your website and application.
rel="noopener"prevents the new page from being able to access the window.opener property and ensures it runs in a separate process.rel="noreferrer"has the same effect but also prevents the Referer header from being sent to the new page.
Use Case
Make the application safer and robust, one step at a time.