[BUGFIX] Use "noreferrer" instead of "noopener noreferrer" 21/62421/4
authorBenni Mack <benni@typo3.org>
Sat, 23 Nov 2019 15:31:32 +0000 (16:31 +0100)
committerSusanne Moog <look@susi.dev>
Mon, 25 Nov 2019 06:53:55 +0000 (07:53 +0100)
Various patches introduced a feature to not send the referer
nor the opener information to external links.

However, just because others CMS do it this way,
one should carefully consider WHAT THESE THINGS DO.

So, adding "noreferrer" implicitly includes "noopener".
What this means is that we can save a lot of bytes, save the
environment by producing less bytes and sending them over the wire.

References:
- https://www.w3.org/TR/2011/WD-html5-20110113/links.html#link-type-noreferrer
- https://web.dev/external-anchors-use-rel-noopener/
- https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer

Relates: #78488
Relates: #89044
Resolves: #89757
Releases: master
Change-Id: Ia366169cd30da23f988bae04175fdaa18be418b2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62421
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog <look@susi.dev>
21 files changed:
typo3/sysext/about/Resources/Private/Language/Modules/about.xlf
typo3/sysext/about/Resources/Private/Partials/Donation.html
typo3/sysext/about/Resources/Private/Partials/ExternalLibraries.html
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/Utility/BackendUtility.php
typo3/sysext/backend/Resources/Private/Language/locallang_login.xlf
typo3/sysext/backend/Resources/Private/Layouts/Login.html
typo3/sysext/core/Classes/Error/DebugExceptionHandler.php
typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst [new file with mode: 0644]
typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst [deleted file]
typo3/sysext/core/Resources/Private/Templates/ErrorPage/Error.html
typo3/sysext/extensionmanager/Resources/Private/Templates/List/ShowAllVersions.html
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php
typo3/sysext/install/Classes/UpgradeAnalysis/DocumentationFile.php
typo3/sysext/install/Resources/Private/Templates/Maintenance/Cards.html
typo3/sysext/install/Resources/Private/Templates/Upgrade/Cards.html
typo3/sysext/install/Resources/Private/Templates/Upgrade/ExtensionScanner.html
typo3/sysext/linkvalidator/Resources/Private/Templates/mod_template.html
typo3/sysext/workspaces/Resources/Private/Templates/Preview/Index.html

index ab5cd3c..93ec126 100644 (file)
                                <source>TYPO3 CMS - Professional Web Content Management System</source>
                        </trans-unit>
                        <trans-unit id="minor" resname="minor">
-                               <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
+                               <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
                        </trans-unit>
                        <trans-unit id="cms_description" resname="cms_description">
-                               <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
+                               <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
                        </trans-unit>
                        <trans-unit id="community_credits" resname="community_credits">
                                <source>Community Credits</source>
                        </trans-unit>
                        <trans-unit id="information_detail" resname="information_detail">
-                               <source>Visit &lt;a href="https://typo3.org/community/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
+                               <source>Visit &lt;a href="https://typo3.org/community/" target="_blank" rel="noreferrer"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
                        </trans-unit>
                        <trans-unit id="coredevs" resname="coredevs">
                                <source>Core Team</source>
                        </trans-unit>
                        <trans-unit id="coredevs_detail" resname="coredevs_detail">
-                               <source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
+                               <source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noreferrer"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
                        </trans-unit>
                        <trans-unit id="extension_authors" resname="extension_authors">
                                <source>Extension Authors</source>
index 0012c32..fc8a771 100644 (file)
@@ -6,7 +6,7 @@
         <p>
             {f:translate(key: 'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_message') -> f:format.raw()}
         </p>
-        <a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noopener noreferrer">
+        <a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noreferrer">
             <f:translate key="LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button" />
         </a>
     </div>
index e794dd3..d7737b7 100644 (file)
     <table class="table panel-table">
         <tr>
             <td>Composer</td>
-            <td><a href="https://getcomposer.org" target="_blank" rel="noopener noreferrer">getcomposer.org</a></td>
+            <td><a href="https://getcomposer.org" target="_blank" rel="noreferrer">getcomposer.org</a></td>
         </tr>
         <tr>
             <td>jQuery</td>
-            <td><a href="https://jquery.com" target="_blank" rel="noopener noreferrer">jquery.com</a></td>
+            <td><a href="https://jquery.com" target="_blank" rel="noreferrer">jquery.com</a></td>
         </tr>
         <tr>
             <td>Twitter Bootstrap</td>
-            <td><a href="http://getbootstrap.com" target="_blank" rel="noopener noreferrer">getbootstrap.com</a></td>
+            <td><a href="http://getbootstrap.com" target="_blank" rel="noreferrer">getbootstrap.com</a></td>
         </tr>
         <tr>
             <td>Doctrine Project (DBAL Component and Instantiator)</td>
-            <td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noopener noreferrer">doctrine-project.org</a></td>
+            <td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noreferrer">doctrine-project.org</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Config</td>
-            <td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Console</td>
-            <td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: DependencyInjection</td>
-            <td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: ExpressionLanguage</td>
-            <td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Finder</td>
-            <td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Mailer</td>
-            <td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Mime</td>
-            <td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: PropertyAccess</td>
-            <td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: PropertyInfo</td>
-            <td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: Routing</td>
-            <td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Symfony Framework Component: YAML</td>
-            <td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+            <td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noreferrer">symfony.com</a></td>
         </tr>
         <tr>
             <td>Guzzle PHP</td>
-            <td><a href="http://guzzlephp.org" target="_blank" rel="noopener noreferrer">guzzlephp.org</a></td>
+            <td><a href="http://guzzlephp.org" target="_blank" rel="noreferrer">guzzlephp.org</a></td>
         </tr>
         <tr>
             <td>d3 Data Driven Documents</td>
-            <td><a href="https://d3js.org" target="_blank" rel="noopener noreferrer">d3js.org</a></td>
+            <td><a href="https://d3js.org" target="_blank" rel="noreferrer">d3js.org</a></td>
         </tr>
         <tr>
             <td>CKEditor</td>
-            <td><a href="http://ckeditor.com" target="_blank" rel="noopener noreferrer">ckeditor.com</a></td>
+            <td><a href="http://ckeditor.com" target="_blank" rel="noreferrer">ckeditor.com</a></td>
         </tr>
         <tr>
             <td>RequireJS</td>
-            <td><a href="http://requirejs.org" target="_blank" rel="noopener noreferrer">requirejs.org</a></td>
+            <td><a href="http://requirejs.org" target="_blank" rel="noreferrer">requirejs.org</a></td>
         </tr>
         <tr>
             <td>moment.js</td>
-            <td><a href="https://momentjs.com" target="_blank" rel="noopener noreferrer">momentjs.com</a></td>
+            <td><a href="https://momentjs.com" target="_blank" rel="noreferrer">momentjs.com</a></td>
         </tr>
         <tr>
             <td>NProgress</td>
-            <td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noopener noreferrer">ricostacruz.com</a></td>
+            <td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noreferrer">ricostacruz.com</a></td>
         </tr>
         <tr>
             <td>Autosize</td>
-            <td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noopener noreferrer">jacklmoore.com</a></td>
+            <td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noreferrer">jacklmoore.com</a></td>
         </tr>
         <tr>
             <td>Cropper.js</td>
-            <td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noopener noreferrer">fengyuanchen.github.io</a></td>
+            <td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noreferrer">fengyuanchen.github.io</a></td>
         </tr>
         <tr>
             <td>ImagesLoaded</td>
-            <td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noopener noreferrer">imagesloaded.desandro.com</a></td>
+            <td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noreferrer">imagesloaded.desandro.com</a></td>
         </tr>
         <tr>
             <td>jQuery UI</td>
-            <td><a href="https://jqueryui.com" target="_blank" rel="noopener noreferrer">jqueryui.com</a></td>
+            <td><a href="https://jqueryui.com" target="_blank" rel="noreferrer">jqueryui.com</a></td>
         </tr>
         <tr>
             <td>Twitter Bootstrap Plugin: DateTimePicker</td>
-            <td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noopener noreferrer">eonasdan.github.io</a></td>
+            <td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noreferrer">eonasdan.github.io</a></td>
         </tr>
         <tr>
             <td>Twitter Bootstrap Plugin: Slider</td>
-            <td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noopener noreferrer">seiyria.com</a></td>
+            <td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noreferrer">seiyria.com</a></td>
         </tr>
         <tr>
             <td>jQuery Plugin: Ajax AutoComplete</td>
-            <td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noopener noreferrer">devbridge.com</a></td>
+            <td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noreferrer">devbridge.com</a></td>
         </tr>
         <tr>
             <td>jQuery Plugin: DataTables</td>
-            <td><a href="https://datatables.net" target="_blank" rel="noopener noreferrer">datatables.net</a></td>
+            <td><a href="https://datatables.net" target="_blank" rel="noreferrer">datatables.net</a></td>
         </tr>
         <tr>
             <td>jQuery Plugin: MiniColors</td>
-            <td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noopener noreferrer">labs.abeautifulsite.net</a></td>
+            <td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noreferrer">labs.abeautifulsite.net</a></td>
         </tr>
         <tr>
             <td>jQuery Plugin: Tab Override</td>
-            <td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noopener noreferrer">wjbryant.github.io</a></td>
+            <td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noreferrer">wjbryant.github.io</a></td>
         </tr>
         <tr>
             <td>Neos (Form component)</td>
-            <td><a href="https://www.neos.io" target="_blank" rel="noopener noreferrer">neos.io</a></td>
+            <td><a href="https://www.neos.io" target="_blank" rel="noreferrer">neos.io</a></td>
         </tr>
         <tr>
             <td>FineDiff</td>
-            <td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noopener noreferrer">github.com</a></td>
+            <td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noreferrer">github.com</a></td>
         </tr>
         <tr>
             <td>IDNA Convert</td>
-            <td><a href="https://idnaconv.net" target="_blank" rel="noopener noreferrer">idnaconv.net</a></td>
+            <td><a href="https://idnaconv.net" target="_blank" rel="noreferrer">idnaconv.net</a></td>
         </tr>
         <tr>
             <td>CodeMirror</td>
-            <td><a href="http://codemirror.net" target="_blank" rel="noopener noreferrer">codemirror.net</a></td>
+            <td><a href="http://codemirror.net" target="_blank" rel="noreferrer">codemirror.net</a></td>
         </tr>
     </table>
 </div>
index a8a8730..aadefce 100644 (file)
@@ -541,7 +541,7 @@ class PageLayoutController
             } else {
                 $externalUrl = htmlspecialchars(GeneralUtility::makeInstance(PageRepository::class)->getExtURL($this->pageinfo));
                 if ($externalUrl !== false) {
-                    $externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noopener noreferrer">' . $externalUrl . '</a>';
+                    $externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noreferrer">' . $externalUrl . '</a>';
                     $view->assignMultiple([
                         'title' => $this->pageinfo['title'],
                         'message' => sprintf($lang->getLL('pageIsExternalLinkMessage'), $externalUrlHtml),
index 836cfeb..f60ce73 100644 (file)
@@ -3830,29 +3830,29 @@ class BackendUtility
             $warrantyNote = sprintf(
                 $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:warranty.by'),
                 htmlspecialchars($loginCopyrightWarrantyProvider),
-                '<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noopener noreferrer">',
+                '<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noreferrer">',
                 '</a>'
             );
         } else {
             $warrantyNote = sprintf(
                 $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:no.warranty'),
-                '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
+                '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
                 '</a>'
             );
         }
-        $cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' .
+        $cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' .
             $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:typo3.cms') . '</a>. ' .
             $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:copyright') . ' &copy; '
             . htmlspecialchars(TYPO3_copyright_year) . ' Kasper Sk&aring;rh&oslash;j. ' .
             $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:extension.copyright') . ' ' .
             sprintf(
                 $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:details.link'),
-                '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' . TYPO3_URL_GENERAL . '</a>'
+                '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' . TYPO3_URL_GENERAL . '</a>'
             ) . ' ' .
             strip_tags($warrantyNote, '<a>') . ' ' .
             sprintf(
                 $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:free.software'),
-                '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
+                '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
                 '</a> '
             )
             . $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:keep.notice');
index 3c3bd33..5c49474 100644 (file)
@@ -43,7 +43,7 @@
                                <source>You are using an unsupported browser version.</source>
                        </trans-unit>
                        <trans-unit id="warning.incompatibleBrowserInternetExplorer" resname="warning.incompatibleBrowserInternetExplorer">
-                               <source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noopener noreferrer" /&gt;a more modern browser version&lt;/a&gt;.</source>
+                               <source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noreferrer" /&gt;a more modern browser version&lt;/a&gt;.</source>
                        </trans-unit>
                        <trans-unit id="newsheadline" resname="newsheadline">
                                <source>Important Messages</source>
index c203eaf..8fde4ee 100644 (file)
                                         <f:format.raw>{copyright}</f:format.raw>
                                     </p>
                                     <ul class="list-unstyled">
-                                        <li><a href="https://typo3.org" target="_blank" rel="noopener noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
-                                        <li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noopener noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
+                                        <li><a href="https://typo3.org" target="_blank" rel="noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
+                                        <li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
                                     </ul>
                                 </div>
                             </div>
index 45cb819..d0ceab6 100644 (file)
@@ -107,7 +107,7 @@ HTML;
                             Once you have found a solution to the problem, help others by contributing to the wiki page.
                         </p>
                         <p>
-                            <a href="$wikiLink" target="_blank" rel="noopener noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
+                            <a href="$wikiLink" target="_blank" rel="noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
                         </p>
                     </div>
                 </div>
index 75950ec..65697ae 100644 (file)
@@ -52,7 +52,7 @@ GFX:
             description: 'If set, the processor_stripColorProfileCommand is used with all processor image operations by default. See tsRef for setting this parameter explicitly for IMAGE generation.'
         processor_stripColorProfileCommand:
             type: text
-            description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noopener noreferrer">imagemagick.org</a> for details'
+            description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noreferrer">imagemagick.org</a> for details'
         processor_colorspace:
             type: text
             description: 'String: Specify the colorspace to use. Some ImageMagick versions (like 6.7.0 and above) use the sRGB colorspace, so all images are darker then the original. <br />Possible Values: CMY, CMYK, Gray, HCL, HSB, HSL, HWB, Lab, LCH, LMS, Log, Luv, OHTA, Rec601Luma, Rec601YCbCr, Rec709Luma, Rec709YCbCr, RGB, sRGB, Transparent, XYZ, YCbCr, YCC, YIQ, YCbCr, YUV'
@@ -99,10 +99,10 @@ SYS:
             description: 'Defines a list of IP addresses which will allow development-output to display. The debug() function will use this as a filter. See the function <code>\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP()</code> for details on syntax. Setting this to blank value will deny all. Setting to "*" will allow all.'
         ddmmyy:
             type: text
-            description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
+            description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
         hhmm:
             type: text
-            description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
+            description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
         USdateFormat:
             type: bool
             description: 'If TRUE, dates entered in the TCEforms of the backend will be formatted mm-dd-yyyy'
@@ -129,18 +129,18 @@ SYS:
             description: 'Integer: memory_limit in MB: If more than 16, TYPO3 will try to use ini_set() to set the memory limit of PHP to the value. This works only if the function ini_set() is not disabled by your sysadmin.'
         phpTimeZone:
             type: text
-            description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noopener noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noopener noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
+            description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
         UTF8filesystem:
             type: bool
             description: |
               <p>
                 If TRUE then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.
                 <strong>IMPORTANT:</strong> This requires a UTF-8 compatible locale in order to work. Otherwise problems with filenames containing special characters will occur.
-                See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.
+                See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.
               </p>
         systemLocale:
             type: text
-            description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.'
+            description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.'
         reverseProxyIP:
             type: list
             description: 'List of IP addresses. If TYPO3 is behind one or more (intransparent) reverse proxies the IP addresses must be added here.'
@@ -181,13 +181,13 @@ SYS:
             description: 'Classname to handle PHP errors. E.g.: TYPO3\CMS\Core\Error\ErrorHandler. This class displays and logs all errors that are registered as [SYS][errorHandlerErrors]. Leave empty to disable error handling. Errors will be logged and can be sent to the optionally installed developer log or to the "syslog" database table. If an error is registered in [SYS][exceptionalErrors] it will be turned into an exception to be handled by the configured exceptionHandler.'
         errorHandlerErrors:
             type: errors
-            description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
+            description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
         exceptionalErrors:
             type: errors
-            description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noopener noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
+            description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
         belogErrorReporting:
             type: errors
-            description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
+            description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
         generateApacheHtaccess:
             type: bool
             description: 'TYPO3 can create <em>.htaccess</em> files which are used by Apache Webserver. They are useful for access protection or performance improvements. Currently <em>.htaccess</em> files in the following directories are created, if they do not exist: <ul><li>typo3temp/compressor/</li></ul>You want to disable this feature, if you are not running Apache or want to use own rulesets.'
@@ -529,7 +529,7 @@ MAIL:
             description: '<em>only with transport=smtp</em>: &lt;server:port> of mailserver to connect to. &lt;port> defaults to "25".'
         transport_smtp_encrypt:
             type: text
-            description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noopener noreferrer"">stream_get_transports()</a>.'
+            description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noreferrer"">stream_get_transports()</a>.'
         transport_smtp_username:
             type: text
             description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
@@ -574,8 +574,8 @@ HTTP:
             type: mixed
             description: |
               <p>Default single proxy server as &quot;proxy.example.org&quot;.</p>
-              <p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
-              <p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
+              <p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
+              <p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
         ssl_key:
             type: mixed
             description: 'Mixed: Local certificate and an optional passphrase, see http://docs.guzzlephp.org/en/latest/request-options.html#ssl-key'
diff --git a/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst b/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst
new file mode 100644 (file)
index 0000000..cb2fb04
--- /dev/null
@@ -0,0 +1,27 @@
+.. include:: ../../Includes.txt
+
+========================================================
+Feature: #78488 - Add rel="noreferrer" to external links
+========================================================
+
+See :issue:`78488`
+
+Description
+===========
+
+All links processed by :ts:`typolink` with external links or using :html:`_blank`
+have been extended to contain :html:`rel="noreferrer"`.
+
+
+Impact
+======
+
+This property improves the security of the site:
+
+:html:`noreferrer`
+   This property prevents the browser, when navigating to another page, to send the page address, or any other value,
+   as referrer in according HTTP header. :html:`noreferrer` also implies the property :html:`noopener`, which instructs
+   the browser to open the link without granting the new browsing context access to the document that opened it.
+
+
+.. index:: Frontend
diff --git a/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst b/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst
deleted file mode 100644 (file)
index 98f7a7b..0000000
+++ /dev/null
@@ -1,27 +0,0 @@
-.. include:: ../../Includes.txt
-
-=================================================================
-Feature: #78488 - Add rel="noopener noreferrer" to external links
-=================================================================
-
-See :issue:`78488`
-
-Description
-===========
-
-All links processed by :ts:`typolink` with external links or using :html:`_blank`
-have been extended to contain :html:`rel="noopener noreferrer"`.
-
-
-Impact
-======
-
-Both properties improve the security of the site:
-
-:html:`noopener`
-   This property instructs the browser to open the link without granting the new browsing context access to the document that opened it.
-:html:`noreferrer`
-   This property prevents the browser, when navigating to another page, to send the page address, or any other value,
-   as referrer in according HTTP header.
-
-.. index:: Frontend
index 2ca155c..9894c0d 100644 (file)
@@ -25,7 +25,7 @@
                             <div class="callout-body">
                                 {message}
                                 <f:if condition="{errorCode} > 0">
-                                    <p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noopener noreferrer">online</a>.</p>
+                                    <p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noreferrer">online</a>.</p>
                                 </f:if>
                             </div>
                         </div>
index aaebad9..a1460d7 100644 (file)
@@ -47,7 +47,7 @@
             <tr class="ter-ext-single-info-manual">
                 <th><f:translate key="extensionList.showAllVersions.manual" /></th>
                 <td>
-                    <a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noopener noreferrer">
+                    <a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noreferrer">
                         <f:translate key="extensionList.showAllVersions.readOnline" />
                     </a>
                 </td>
index 878ede0..3ea79b2 100644 (file)
@@ -5147,7 +5147,7 @@ class ContentObjectRenderer implements LoggerAwareInterface
 
     protected function addSecurityRelValues(array $tagAttributes, ?string $target, string $url): array
     {
-        $relAttribute = 'noopener noreferrer';
+        $relAttribute = 'noreferrer';
         if ($target !== '_blank' || $this->isInternalUrl($url)) {
             return $tagAttributes;
         }
index e321ff8..defd00b 100644 (file)
@@ -2761,14 +2761,14 @@ class ContentObjectRendererTest extends UnitTestCase
                     'extTarget' => '_blank',
                     'title' => 'Open new window',
                 ],
-                '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
+                '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
             ],
             'Link to url with attributes in parameter' => [
                 'TYPO3',
                 [
                     'parameter' => 'http://typo3.org _blank url-class "Open new window"',
                 ],
-                '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
+                '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
             ],
             'Link to url with script tag' => [
                 '',
index 4df7234..3e0e557 100644 (file)
@@ -324,8 +324,8 @@ class DocumentationFile
     protected function parseContent(string $rstContent): string
     {
         $content = htmlspecialchars($rstContent);
-        $content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
-        $content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
+        $content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
+        $content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
         $content = preg_replace('/(\n([=]*)\n(.*)\n([=]*)\n)/', '', $content, 1);
         $content = preg_replace('/.. index::(.*)/', '', $content);
         $content = preg_replace('/.. include::(.*)/', '', $content);
index 08d4242..f11e37c 100644 (file)
@@ -42,7 +42,7 @@
             <f:then>
                 <div class="card-footer text-muted">
                     You can't use this feature, because your installation is in composer mode.
-                    Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noopener noreferrer">Composer dumpautoload</a>.
+                    Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noreferrer">Composer dumpautoload</a>.
                 </div>
             </f:then>
             <f:else>
index e3f4403..46d6496 100644 (file)
@@ -12,7 +12,7 @@
             <f:then>
                 <div class="card-footer text-muted">
                     You can't use this feature, because your installation is in composer mode.
-                    Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noopener noreferrer">install the new source</a>.
+                    Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noreferrer">install the new source</a>.
                 </div>
             </f:then>
             <f:else>
index b95c4cd..77768a5 100644 (file)
@@ -6,7 +6,7 @@
     upgrading to new core versions. However, the detection approach - based on static
     code analysis - is limited by concept: false positives/negatives are impossible to avoid.
     Further details can be found at
-    <a style="text-decoration: underline;" target="_blank" rel="noopener noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
+    <a style="text-decoration: underline;" target="_blank" rel="noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
         the official docs.
     </a>
 </p>
index fc2b934..f722a3a 100644 (file)
@@ -49,7 +49,7 @@
             <td>###ACTIONLINKOPEN######ELEMENT######ACTIONLINKCLOSE###</td>
             <td>###PATH###</td>
             <td>###HEADLINK###</td>
-            <td><a href="###LINKTARGET###" target="_blank" rel="noopener noreferrer">###LINKTARGET###</a></td>
+            <td><a href="###LINKTARGET###" target="_blank" rel="noreferrer">###LINKTARGET###</a></td>
             <td>###LINKMESSAGE###</td>
             <td>###LASTCHECK###</td>
             <td>###ACTIONLINKOPEN######ACTIONLINKICON######ACTIONLINKCLOSE###</td>
index 1746f66..5e407fc 100644 (file)
@@ -2,7 +2,7 @@
 <div id="typo3-topbar">
     <div class="typo3-topbar-container" role="navigation" id="typo3-top-container">
         <div class="typo3-topbar-site">
-            <a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noopener noreferrer">
+            <a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noreferrer">
                 <img src="{f:uri.resource(path: 'Images/typo3_logo_orange.svg', extensionName: 'backend')}" width="22" height="22" title="TYPO3 Content Management System" alt="">
             </a>
             <span class="typo3-topbar-site-name">{activeWorkspace}</span>