Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent usage of unsafe target='_blank' (react/jsx-no-target-blank) #1367

Closed
feross opened this issue Aug 15, 2019 · 1 comment
Closed

Prevent usage of unsafe target='_blank' (react/jsx-no-target-blank) #1367

feross opened this issue Aug 15, 2019 · 1 comment
Labels
accepted enhancement
Milestone
standard 14

Comments

@feross
Copy link
Member

feross commented Aug 15, 2019

https://github.com/yannickcr/eslint-plugin-react/blob/master/docs/rules/jsx-no-target-blank.md

When creating a JSX element that has an a tag, it is often desired to have
the link open in a new tab using the target='_blank' attribute. Using this
attribute unaccompanied by rel='noreferrer noopener', however, is a severe
security vulnerability (see here for more details)
This rules requires that you accompany target='_blank' attributes with rel='noreferrer noopener'.

Rule Details

This rule aims to prevent user generated links from creating security vulnerabilities by requiring
rel='noreferrer noopener' for external links, and optionally any dynamically generated links.

The following patterns are considered errors:

var Hello = <a target='_blank' href="http://example.com/"></a>
var Hello = <a target='_blank' href={dynamicLink}></a>

The following patterns are not considered errors:

var Hello = <p target="_blank"></p>
var Hello = <a target="_blank" rel="noopener noreferrer" href="http://example.com"></a>
var Hello = <a target="_blank" href="relative/path/in/the/host"></a>
var Hello = <a target="_blank" href="/absolute/path/in/the/host"></a>
var Hello = <a></a>
@feross feross added this to the standard 14 milestone Aug 15, 2019
@feross
Copy link
Member Author

feross commented Aug 15, 2019

Shipped in standard 14.

@feross feross closed this as completed in c852a11 Aug 15, 2019
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 27, 2021
suchitg8 pushed a commit to suchitg8/standard that referenced this issue Apr 9, 2022
@feross
Prevent usage of unsafe target='_blank' (react/jsx-no-target-blank)
2ae8315 
Fixes: standard/standard#1367
ShlokBharadwaj referenced this issue in ShlokBharadwaj/portfolio Jul 19, 2023
@ShlokBharadwaj
Update: Link to open in a new tab
7c39154
kaiwang0119 added a commit to kaiwang0119/standard that referenced this issue Aug 26, 2024
@kaiwang0119
Prevent usage of unsafe target='_blank' (react/jsx-no-target-blank)
ec0d0bb 
Fixes: standard/standard#1367
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
accepted enhancement
Projects
The Standard Project
Archived in project
Milestone
standard 14
Development

No branches or pull requests
1 participant
@feross