If you use the target="_blank" attribute on a link, you are leaving your users open to a very simple phishing attack. Adding rel="noopener noreferrer" on those links will prevent this vulnerability.
Further reading.
- PHP 7.0+
- CakePHP 3.0.0+
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
```
composer require mosaxiv/cakephp-secure-target-blank
```
load Helper
```php
<?php
// src/View/AppView.php
namespace App\View;

use Cake\View\View;
use SecureTargetBlank\View\Helper\HtmlHelper;

class AppView extends View
{
    public function initialize()
    {
        // Replace the core Html helper with the plugin's helper.
        $this->loadHelper('Html', [
            'className' => HtmlHelper::class
        ]);
    }
}
```

When you call Html->link() with ['target' => '_blank'], rel="noopener noreferrer" is added automatically.
Html Helper:

```php
$this->Html->link('test', 'http://example.com', ['target' => '_blank'])
```

will render this HTML:

```html
<a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>
```

Html Helper, with 'secureBlank' => false to leave the rel attribute off:

```php
$this->Html->link('test_title', ['controller' => 'test'], ['target' => '_blank', 'secureBlank' => false]);
```

will render this HTML:

```html
<a href="/test/index" target="_blank">test_title</a>
```
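
Links written by hand in a template, or rendered with 'secureBlank' => false, do not get the attribute, so it is worth checking rendered output for them. The following is an added example, not part of the plugin; the function name findUnsafeBlankLinks and the sample markup are assumptions made for illustration.

```php
<?php
// Added example (not plugin code): list target="_blank" links in rendered
// HTML that carry neither rel="noopener" nor rel="noreferrer".

/**
 * @param string $html Rendered HTML fragment or page.
 * @return string[] href values of links that are missing the rel protection.
 */
function findUnsafeBlankLinks(string $html): array
{
    $doc = new DOMDocument();
    // Collect libxml warnings internally instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    // The XML prefix makes libxml read the markup as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $unsafe = [];
    foreach (['a', 'area'] as $tag) {
        foreach ($doc->getElementsByTagName($tag) as $el) {
            // Browsers match the _blank keyword case-insensitively.
            if (strtolower(trim($el->getAttribute('target'))) !== '_blank') {
                continue;
            }
            // rel is a whitespace-separated, case-insensitive token list.
            $rel = strtolower($el->getAttribute('rel'));
            $tokens = preg_split('/\s+/', $rel, -1, PREG_SPLIT_NO_EMPTY);
            // noreferrer implies noopener, so either token is sufficient.
            if (!array_intersect(['noopener', 'noreferrer'], $tokens)) {
                $unsafe[] = $el->getAttribute('href');
            }
        }
    }
    return $unsafe;
}

// Constructed sample: helper output, opt-out output, and hand-written links.
$sample = <<<'HTML'
<a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>
<a href="/test/index" target="_blank">test_title</a>
<a href="/docs" target="_BLANK" rel="nofollow">docs</a>
<a href="/same-tab">same tab</a>
<a href="/ok" target="_blank" rel="NoOpener">ok</a>
HTML;

print_r(findUnsafeBlankLinks($sample));
```

Run over the output of a view test, the function can fail the build whenever it returns a non-empty list.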