jsx-no-target-blank: Allow to specify allowed hosts #2941
Comments
Why would you want target blank when a user is navigating within your own site? Target blank is a bad UX practice overall.
@ljharb Not within the same site, but between different sites that I control. Let's say between app1 and app2 and my landing page. I want to be able to track interactions & conversion, and I know these destinations won't abuse the Referer header.
@adarnon sure, but why would you want those to open in a new window? In general, forcing a new window/tab on the user is rude; every browser and platform has an "open in new tab/window" idiom that a user who wants a new tab/window already knows how to use (the ones who don't, don't want it).
@ljharb I don't think the purpose here is to discuss UX... There are links, such as a link to my company's Terms of Service or Support page, that in my opinion should open in a new window, because they are displayed during interactions that shouldn't be accidentally disturbed (e.g., while filling out a form)
If the ask is for a new linter rule, then one that enables poor UX means that UX is certainly worth discussing. Do those cases happen often enough that an eslint override comment is insufficient?
Linters are meant to prevent programmer errors, not poor UX decisions. Target _blank is a necessary tool sometimes, and the purpose of this rule is to prevent security errors that this feature causes, not to prevent its usage overall. I believe that eslint override comments should only be used when there's absolutely no other choice. They're hard to maintain and using them misses out on a big benefit of linter config - having a uniform way to do things across the entire app. In this case, I think there's a generic use case for allowing certain hosts through without having to set
Poor UX decisions are programmer errors :-) You're totally right about the purpose of this rule. Having the config you're asking for is equally dangerous - if sometime in the future you no longer control that domain.
I also am looking for an option like this. I have a few links to docs articles from my app, which I want to open in a new tab to avoid accidentally disrupting the user's work (please don't argue the UX of this, that's not the point). I'm not worried about losing control of my docs website. As it is, I need to manually disable every link to these docs. I'm tempted to disable the rule in general because of the bad DX. I hope you'll reconsider this decision, and permit an option to allowlist particular hostnames. For now, I modified the rule into a custom rule that adds an
I'm not sure how the "UX of this" isn't the entire point?
The first line of the rule's doc is:
So, the rule admits that it's a desired thing to do. Then it says the purpose of the rule, (which is not to prevent all use of target=_blank):
So, what's being proposed here is greater control over what is considered "external", that's all.
That's fair that the docs imply what you're saying - but the rule's name implies what I'm saying.
This rule is great to prevent the `target="_blank"` security vulnerability, but there are times where you wouldn't want to set `noreferrer`, such as if you're linking to another website under your control.

For these cases, instead of manually overriding each line, I think it would be useful to be able to pass an "allowedHosts" option, so the rule would allow static href values that have one of these hosts.
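
A sketch of the host check that an `allowedHosts` option like the one proposed above would need, added here as an example; it is not the project's code or any commenter's custom rule. The function name `shouldReport`, the hostnames, and the choice to treat relative hrefs as same-site are assumptions.

```javascript
// Added illustration of an "allowedHosts" check; every hostname below is constructed.
const LOOKS_EXTERNAL = /^(?:\w+:|\/\/)/; // absolute URL or protocol-relative "//host/..."

// Returns true when a target="_blank" link with this href should still be
// flagged for a missing rel="noreferrer".
function shouldReport(href, allowedHosts) {
  // Only static string hrefs can be checked; anything dynamic stays flagged.
  if (typeof href !== 'string') return true;
  // Assumption: a relative href stays on the current site and is not flagged.
  if (!LOOKS_EXTERNAL.test(href)) return false;
  let url;
  try {
    // The base is used only to resolve protocol-relative hrefs.
    url = new URL(href, 'https://placeholder.invalid');
  } catch {
    return true; // unparseable href: fail closed
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return true;
  // Compare the parsed hostname exactly. Substring or prefix matching on the
  // raw href would accept "docs.example.test.other.test" and
  // "docs.example.test@other.test", which are different hosts.
  const host = url.hostname.toLowerCase();
  return !allowedHosts.some((allowed) => allowed.toLowerCase() === host);
}

// Constructed sample configuration and hrefs.
const ALLOWED_HOSTS = ['docs.example.test', 'app2.example.test'];
const SAMPLE_HREFS = [
  'https://docs.example.test/guide',         // allowlisted host
  '//APP2.example.test/login',               // protocol-relative, mixed case
  'https://docs.example.test.other.test/',   // allowlisted name used as a prefix
  'https://docs.example.test@other.test/',   // allowlisted name in the userinfo part
  'https://unlisted.example.test/',          // same parent domain, not listed
  '/terms',                                  // relative link
];

function reportedHrefs(hrefs, allowedHosts) {
  return hrefs.filter((href) => shouldReport(href, allowedHosts));
}

console.log(reportedHrefs(SAMPLE_HREFS, ALLOWED_HOSTS));
```

An exact-match list like this only reflects who controls a host at the time it is written, which is the concern raised in the thread about losing control of a domain later.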