[Fix] jsx-no-target-blank: further improve error messages

State that `rel="noreferrer"` is preferred and implies `rel="noopener"`.
jsx-eslint · Sep 29, 2021 · 4cd5543 · 4cd5543
1 parent aa670df
commit 4cd5543
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/lib/rules/jsx-no-target-blank.js b/lib/rules/jsx-no-target-blank.js
@@ -97,8 +97,8 @@ function hasSecureRel(node, allowReferrer, warnOnSpreadAttributes, spreadAttribu
 }
 
 const messages = {
-  noTargetBlankWithoutNoreferrer: 'Using target="_blank" without rel="noreferrer" is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations',
-  noTargetBlankWithoutNoopener: 'Using target="_blank" without rel="noopener" is a security risk: see https://mathiasbynens.github.io/rel-noopener/#recommendations'
+  noTargetBlankWithoutNoreferrer: 'Using target="_blank" without rel="noreferrer" (which implies rel="noopener") is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations',
+  noTargetBlankWithoutNoopener: 'Using target="_blank" without rel="noreferrer" or rel="noopener" (the former implies the latter and is preferred due to wider support) is a security risk: see https://mathiasbynens.github.io/rel-noopener/#recommendations'
 };
 
 module.exports = {