Skip to content

Files

Latest commit

 

History

History
103 lines (71 loc) · 2.46 KB

no-template-target-blank.md

File metadata and controls

103 lines (71 loc) · 2.46 KB

Pattern: Use of insecure target="_blank"

Issue: -

Description

This rule disallows using target="_blank" attribute without rel="noopener noreferrer" to avoid a security vulnerability(see here for more details).

<template>
  <!-- ✓ Good -->
  <a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>

  <!-- ✗ BAD -->
  <a href="http://example.com" target="_blank" >link</a>
</temlate>

Options

{
  "vue/no-template-target-blank": ["error", {
    "allowReferrer": true,
    "enforceDynamicLinks": "always"
  }]
}
  • allowReferrer ... If true, does not require noreferrer.default false
  • enforceDynamicLinks ("always" | "never") ... If always, enforces the rule if the href is a dynamic link. default always.

{ allowReferrer: false } (default)

<template>
  <!-- ✓ Good -->
  <a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>

  <!-- ✗ BAD -->
  <a href="http://example.com" target="_blank" rel="noopener">link</a>
</temlate>

{ allowReferrer: true }

<template>
  <!-- ✓ Good -->
  <a href="http://example.com" target="_blank" rel="noopener">link</a>

  <!-- ✗ BAD -->
  <a href="http://example.com" target="_blank" >link</a>
</temlate>

{ "enforceDynamicLinks": "always" } (default)

<template>
  <!-- ✓ Good -->
  <a :href="link" target="_blank" rel="noopener noreferrer">link</a>

  <!-- ✗ BAD -->
  <a :href="link" target="_blank">link</a>
</temlate>

{ "enforceDynamicLinks": "never" }

<template>
  <!-- ✓ Good -->
  <a :href="link" target="_blank">link</a>

  <!-- ✗ BAD -->
  <a href="http://example.com" target="_blank" >link</a>
</temlate>

Further Reading