types_render_field() with target "_blank" should add rel="noopener"

This support ticket is created 4 years ago. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun	Mon	Tue	Wed	Thu	Fri	Sat
-	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	10:00 – 13:00	-
-	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	14:00 – 18:00	-

Supporter timezone: Asia/Kolkata (GMT+05:30)

This topic contains 3 replies, has 2 voices.

Assisted by: Minesh.

Author

Posts

December 22, 2020 at 9:30 pm #1884441

Clifford

"Reverse Tabnabbing" should be fixed...

Anywhere target="_blank" is used, you should include rel="noopener" with it, for security.

I confirmed, on latest version of Toolset Types, that using

types_render_field( 'url', [ 'id' => 1234, 'target' => '_blank', 'title' => 'text' ] )

DOES include target="_blank" but does NOT also include rel="noopener"

You can reference hidden link for more details.

December 23, 2020 at 12:05 pm #1885057

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

Thank you for reporting this and I confirm that we do not add the attribute rel="noopener".

I've escalated this to our next level support for further assessment. Please hold on for further updates.

December 23, 2020 at 1:03 pm #1885103

Minesh

Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

We filed a request for the same and you are welcome to mark resolve this ticket.

December 23, 2020 at 6:56 pm #1885361

Clifford

Thanks for your attention to this.