Support "rel" attribute
Closed this issue · 2 comments
A security vulnerability exists in the inherent mechanics of opening links with target="_blank". In short, the opened window can cause its opener to navigate to a malicious site via the new window's window.opener.location object. Sites with user-generated content may be especially susceptible.
The proposed fix is to specify a special rel attribute. Browser support is currently poor, but it might be good to at least remove ember-linkify as a barrier to specifying this attribute in anchor tag mark-up. Maybe add rel as a supported option?
Further description and bug tracking issues at https://mathiasbynens.github.io/rel-noopener/.
If agreed, I'm happy to work on a PR for this...
That would be great, happy to accept a PR. Thank you!
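
Added example, not part of the issue thread and not ember-linkify's code: a sketch of how a linkifier could accept a rel option and always include noopener and noreferrer when target="_blank" is requested. The names linkify, buildRel, escapeHtml and URL_PATTERN are hypothetical, and the URL pattern is deliberately simple.

```javascript
// Hypothetical helper for illustration; this is not ember-linkify's API.
const URL_PATTERN = /\bhttps?:\/\/[^\s<>"']+/g;

// Escape text so user-generated content cannot inject markup or attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Merge caller-supplied rel tokens with those needed for target="_blank".
// noopener leaves window.opener null in the opened page; noreferrer has the
// same effect in browsers that do not yet support noopener.
function buildRel(rel, target) {
  const tokens = new Set(
    (rel || '').split(/\s+/).filter(Boolean).map((t) => t.toLowerCase())
  );
  if (target && target.toLowerCase() === '_blank') {
    tokens.add('noopener');
    tokens.add('noreferrer');
  }
  return [...tokens].join(' ');
}

// Turn plain text into HTML, wrapping http(s) URLs in anchor tags.
function linkify(text, options = {}) {
  const { target, rel } = options;
  const relValue = buildRel(rel, target);
  let html = '';
  let last = 0;
  for (const match of text.matchAll(URL_PATTERN)) {
    const url = match[0];
    html += escapeHtml(text.slice(last, match.index));
    let attrs = ` href="${escapeHtml(url)}"`;
    if (target) attrs += ` target="${escapeHtml(target)}"`;
    if (relValue) attrs += ` rel="${escapeHtml(relValue)}"`;
    html += `<a${attrs}>${escapeHtml(url)}</a>`;
    last = match.index + url.length;
  }
  return html + escapeHtml(text.slice(last));
}

// Constructed sample input.
console.log(linkify('docs at https://example.com/a?b=1&c=2', { target: '_blank' }));
```

Because the rel tokens are merged rather than replaced, a caller passing only rel: 'nofollow' with target: '_blank' still gets the opener protection.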