core(noopener-audit): noreferrer implies noopener #4920
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jwheare
requested review from
brendankenny,
patrickhulce and
paulirish
as code owners
|
thanks for the PR @jwheare! last time this died from lack of consensus on recommending both/just one/etc. I'm still in favor of allowing either to pass like you've implemented here. @paulirish WDYT now? |
paulirish
requested changes
Apr 4, 2018
| @@ -16,9 +16,10 @@ class ExternalAnchorsUseRelNoopenerAudit extends Audit { | |||
| return { | |||
| name: 'external-anchors-use-rel-noopener', | |||
| description: 'Opens external anchors using `rel="noopener"`', | |||
There was a problem hiding this comment.
Links to cross-origin destinations are safe
| failureDescription: 'Does not open external anchors using `rel="noopener"`', | ||
| helpText: 'Open new tabs using `rel="noopener"` to improve performance and ' + | ||
| 'prevent security vulnerabilities. ' + | ||
| failureDescription: 'Does not open external anchors using `rel="noopener"` or ' + |
There was a problem hiding this comment.
Links to cross-origin destinations are unsafe
| 'prevent security vulnerabilities. ' + | ||
| failureDescription: 'Does not open external anchors using `rel="noopener"` or ' + | ||
| '`rel="noreferrer"`', | ||
| helpText: 'Open new tabs using `rel="noopener"` or `rel="noreferrer"` to improve ' + |
There was a problem hiding this comment.
Add
rel="noopener"orrel="noreferrer"to any external links to improve performance and prevent security vulnerabilities.
|
Wording changes sound good to me. Is the text on https://developers.google.com/web/tools/lighthouse/audits/noopener editable in a repo somewhere? Would be good to update that to mention noreferrer too. |
paulirish
approved these changes
Apr 4, 2018
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #2482 and updates #2485 fixing conflicts.
The added tests were checked with ./lighthouse-cli/test/smokehouse/dobetterweb/run-tests.sh
Not sure why the byte-efficiency test is failing in appveyor, it happened to me too locally, but I haven't made any changes that would affect it from what I can tell.