Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add section about overriding for trusted links #2438

Merged
merged 1 commit into from Oct 12, 2019
Merged

Add section about overriding for trusted links #2438

merged 1 commit into from Oct 12, 2019

Conversation

aschriner
Copy link
Contributor

No description provided.

ljharb
ljharb reviewed Oct 4, 2019
View reviewed changes
docs/rules/jsx-no-target-blank.md Outdated
@@ -74,6 +74,9 @@ var Hello = <Link target="_blank" to="/absolute/path/in/the/host"></Link>
var Hello = <Link />
```

## When To Override It
For internal links, or links to a "safe" host, you may want to keep the HTTP Referer header for analytics purposes.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you elaborate on what you mean by "safe"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated with additional text. To elaborate further on the reason for this change: this lint rule and the linked page make it sound like one should never use target="_blank" without noreferer and noopener. However, as I understand, if you control the site to which you are linking, there is no vulnerability. And there are good reasons to keep the referer header (e.g. interal analytics/tracking).

@ljharb ljharb merged commit 0c1cb28 into jsx-eslint:master Oct 12, 2019
This was referenced Dec 11, 2019
Closed
Open
This was referenced Feb 10, 2020
Merged
Open
Merged
This was referenced Mar 6, 2020
Merged
Open
@snyk-bot snyk-bot mentioned this pull request Mar 20, 2020
Closed
@snyk-bot snyk-bot mentioned this pull request Apr 1, 2020
Open
This was referenced Apr 21, 2020
Closed
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ljharb ljharb ljharb approved these changes

Assignees
No one assigned
Labels
documentation
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aschriner @ljharb