From 4cd55431c054c03f590001c37fe451bbadec8c20 Mon Sep 17 00:00:00 2001
From: Spring Raindrop <SpringRaindrop@vivaldi.net>
Date: Wed, 29 Sep 2021 15:39:04 +0000
Subject: [PATCH] [Fix] `jsx-no-target-blank`: further improve error messages

State that `rel="noreferrer"` is preferred and implies `rel="noopener"`.
---
 lib/rules/jsx-no-target-blank.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rules/jsx-no-target-blank.js b/lib/rules/jsx-no-target-blank.js
index f0b5ae6966..18e056575c 100644
--- a/lib/rules/jsx-no-target-blank.js
+++ b/lib/rules/jsx-no-target-blank.js
@@ -97,8 +97,8 @@ function hasSecureRel(node, allowReferrer, warnOnSpreadAttributes, spreadAttribu
 }
 
 const messages = {
-  noTargetBlankWithoutNoreferrer: 'Using target="_blank" without rel="noreferrer" is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations',
-  noTargetBlankWithoutNoopener: 'Using target="_blank" without rel="noopener" is a security risk: see https://mathiasbynens.github.io/rel-noopener/#recommendations'
+  noTargetBlankWithoutNoreferrer: 'Using target="_blank" without rel="noreferrer" (which implies rel="noopener") is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations',
+  noTargetBlankWithoutNoopener: 'Using target="_blank" without rel="noreferrer" or rel="noopener" (the former implies the latter and is preferred due to wider support) is a security risk: see https://mathiasbynens.github.io/rel-noopener/#recommendations'
 };
 
 module.exports = {