Pattern: Use of target="_blank" without rel="noopener noreferrer"
Issue: -
This rule disallows using target="_blank" attribute without rel="noopener noreferrer" to avoid a security vulnerability(see here for more details).
<script>
/* eslint svelte/no-target-blank: "error" */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" target="_blank">link</a>{
"svelte/no-target-blank": [
"error",
{
"allowReferrer": true,
"enforceDynamicLinks": "always"
}
]
}allowReferrer... Iftrue, does not require noreferrer.defaultfalseenforceDynamicLinks ("always" | "never")... Ifalways, enforces the rule if the href is a dynamic link. defaultalways.
<script>
/* eslint svelte/no-target-blank: ['error', { allowReferrer: false }] */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" target="_blank" rel="noopener">link</a><script>
/* eslint svelte/no-target-blank: ['error', { allowReferrer: true }] */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" target="_blank">link</a><script>
/* eslint svelte/no-target-blank: ['error', { enforceDynamicLinks: 'always' }] */
</script>
<!-- ✓ GOOD -->
<a href={link} target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href={link} target="_blank">link</a><script>
/* eslint svelte/no-target-blank: ['error', { enforceDynamicLinks: 'never' }] */
</script>
<!-- ✓ GOOD -->
<a href={link} target="_blank">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" target="_blank">link</a>This rule was introduced in eslint-plugin-svelte v0.0.4