4be546a Aug 20, 2016
@lencioni @embrown @Gasparila
28 lines (19 sloc) 883 Bytes

Prevent usage of unsafe target='_blank' (jsx-no-target-blank)

When creating a JSX element that has an a tag, it is often desired to have the link open in a new tab using the target='_blank' attribute. Using this attribute unaccompanied by rel='noreferrer noopener', however, is a severe security vulnerability (see here for more details) This rules requires that you accompany all target='_blank' attributes with rel='noreferrer noopener'.

Rule Details

The following patterns are considered errors:

var Hello = <a target='_blank'></a>

The following patterns are not considered errors:

var Hello = <p target='_blank'></p>
var Hello = <a target='_blank' rel='noopener noreferrer'></a>
var Hello = <a></a>

When Not To Use It

If you do not have any external links, you can disable this rule