[Fix] jsx-no-target-blank: improve error messages

Show different error messages depending on whether referrer is allowed; clarify about `noreferrer` only being necessary in older browsers. Closes #3044.
jsx-eslint · Sep 29, 2021 · aa670df · aa670df
1 parent 8785c16
commit aa670df
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/lib/rules/jsx-no-target-blank.js b/lib/rules/jsx-no-target-blank.js
@@ -97,7 +97,8 @@ function hasSecureRel(node, allowReferrer, warnOnSpreadAttributes, spreadAttribu
 }
 
 const messages = {
-  noTargetBlank: 'Using target="_blank" without rel="noreferrer" is a security risk: see https://html.spec.whatwg.org/multipage/links.html#link-type-noopener'
+  noTargetBlankWithoutNoreferrer: 'Using target="_blank" without rel="noreferrer" is a security risk in older browsers: see https://mathiasbynens.github.io/rel-noopener/#recommendations',
+  noTargetBlankWithoutNoopener: 'Using target="_blank" without rel="noopener" is a security risk: see https://mathiasbynens.github.io/rel-noopener/#recommendations'
 };
 
 module.exports = {
@@ -173,7 +174,8 @@ module.exports = {
           const hasDangerousLink = hasExternalLink(node, linkAttribute, warnOnSpreadAttributes, spreadAttributeIndex)
             || (enforceDynamicLinks === 'always' && hasDynamicLink(node, linkAttribute));
           if (hasDangerousLink && !hasSecureRel(node, allowReferrer, warnOnSpreadAttributes, spreadAttributeIndex)) {
-            report(context, messages.noTargetBlank, 'noTargetBlank', {
+            const messageId = allowReferrer ? 'noTargetBlankWithoutNoopener' : 'noTargetBlankWithoutNoreferrer';
+            report(context, messages[messageId], messageId, {
               node,
               fix(fixer) {
                 // eslint 5 uses `node.attributes`; eslint 6+ uses `node.parent.attributes`
@@ -244,7 +246,8 @@ module.exports = {
             hasExternalLink(node, formAttribute)
             || (enforceDynamicLinks === 'always' && hasDynamicLink(node, formAttribute))
           ) {
-            report(context, messages.noTargetBlank, 'noTargetBlank', {
+            const messageId = allowReferrer ? 'noTargetBlankWithoutNoopener' : 'noTargetBlankWithoutNoreferrer';
+            report(context, messages[messageId], messageId, {
               node
             });
           }

diff --git a/tests/lib/rules/jsx-no-target-blank.js b/tests/lib/rules/jsx-no-target-blank.js
@@ -25,7 +25,7 @@ const parserOptions = {
 // ------------------------------------------------------------------------------
 
 const ruleTester = new RuleTester({parserOptions});
-const defaultErrors = [{messageId: 'noTargetBlank'}];
+const defaultErrors = [{messageId: 'noTargetBlankWithoutNoreferrer'}];
 
 ruleTester.run('jsx-no-target-blank', rule, {
   valid: [
@@ -249,7 +249,7 @@ ruleTester.run('jsx-no-target-blank', rule, {
       code: '<a href="http://example.com/20" target="_blank"></a>',
       output: '<a href="http://example.com/20" target="_blank" rel="noreferrer"></a>',
       options: [{allowReferrer: true}],
-      errors: defaultErrors
+      errors: [{messageId: 'noTargetBlankWithoutNoopener'}]
     },
     {
       code: '<a target="_blank" href={ dynamicLink }></a>',