Commit 4351529f authored by Benni Mack's avatar Benni Mack Committed by Susanne Moog
Browse files

[BUGFIX] Use "noreferrer" instead of "noopener noreferrer"

Various patches introduced a feature to not send the referer
nor the opener information to external links.

However, just because others CMS do it this way,
one should carefully consider WHAT THESE THINGS DO.

So, adding "noreferrer" implicitly includes "noopener".
What this means is that we can save a lot of bytes, save the
environment by producing less bytes and sending them over the wire.

References:
- https://www.w3.org/TR/2011/WD-html5-20110113/links.html#link-type-noreferrer
- https://web.dev/external-anchors-use-rel-noopener/
- https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer

Relates: #78488
Relates: #89044
Resolves: #89757
Releases: master
Change-Id: Ia366169cd30da23f988bae04175fdaa18be418b2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62421

Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
parent 9d007fd1
......@@ -25,22 +25,22 @@
<source>TYPO3 CMS - Professional Web Content Management System</source>
</trans-unit>
<trans-unit id="minor" resname="minor">
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using %s %s</source>
</trans-unit>
<trans-unit id="cms_description" resname="cms_description">
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
<source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.&lt;br /&gt;&lt;br /&gt;For further information visit &lt;a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer"&gt;typo3.org&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;TYPO3 CMS is &lt;b&gt;freely available&lt;/b&gt; under the &lt;a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank"&gt;TYPO3-license (GNU/GPL)&lt;/a&gt;.&lt;br /&gt;&lt;br /&gt;You are using version %s - Copyright %s %s</source>
</trans-unit>
<trans-unit id="community_credits" resname="community_credits">
<source>Community Credits</source>
</trans-unit>
<trans-unit id="information_detail" resname="information_detail">
<source>Visit &lt;a href="https://typo3.org/community/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
<source>Visit &lt;a href="https://typo3.org/community/" target="_blank" rel="noreferrer"&gt;typo3.org/community/&lt;/a&gt; if you want to know why TYPO3 rocks.</source>
</trans-unit>
<trans-unit id="coredevs" resname="coredevs">
<source>Core Team</source>
</trans-unit>
<trans-unit id="coredevs_detail" resname="coredevs_detail">
<source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noopener noreferrer"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
<source>Visit &lt;a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noreferrer"&gt;typo3.org/teams-committees/core-development/&lt;/a&gt; for the complete member list.&lt;br /&gt;&lt;br /&gt;The Git Repository and the ChangeLog can be found &lt;a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank"&gt;here&lt;/a&gt;.</source>
</trans-unit>
<trans-unit id="extension_authors" resname="extension_authors">
<source>Extension Authors</source>
......
......@@ -6,7 +6,7 @@
<p>
{f:translate(key: 'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_message') -> f:format.raw()}
</p>
<a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noopener noreferrer">
<a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noreferrer">
<f:translate key="LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button" />
</a>
</div>
......
......@@ -10,143 +10,143 @@
<table class="table panel-table">
<tr>
<td>Composer</td>
<td><a href="https://getcomposer.org" target="_blank" rel="noopener noreferrer">getcomposer.org</a></td>
<td><a href="https://getcomposer.org" target="_blank" rel="noreferrer">getcomposer.org</a></td>
</tr>
<tr>
<td>jQuery</td>
<td><a href="https://jquery.com" target="_blank" rel="noopener noreferrer">jquery.com</a></td>
<td><a href="https://jquery.com" target="_blank" rel="noreferrer">jquery.com</a></td>
</tr>
<tr>
<td>Twitter Bootstrap</td>
<td><a href="http://getbootstrap.com" target="_blank" rel="noopener noreferrer">getbootstrap.com</a></td>
<td><a href="http://getbootstrap.com" target="_blank" rel="noreferrer">getbootstrap.com</a></td>
</tr>
<tr>
<td>Doctrine Project (DBAL Component and Instantiator)</td>
<td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noopener noreferrer">doctrine-project.org</a></td>
<td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noreferrer">doctrine-project.org</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Config</td>
<td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Console</td>
<td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: DependencyInjection</td>
<td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: ExpressionLanguage</td>
<td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Finder</td>
<td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Mailer</td>
<td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Mime</td>
<td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: PropertyAccess</td>
<td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: PropertyInfo</td>
<td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Routing</td>
<td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: YAML</td>
<td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
<td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Guzzle PHP</td>
<td><a href="http://guzzlephp.org" target="_blank" rel="noopener noreferrer">guzzlephp.org</a></td>
<td><a href="http://guzzlephp.org" target="_blank" rel="noreferrer">guzzlephp.org</a></td>
</tr>
<tr>
<td>d3 Data Driven Documents</td>
<td><a href="https://d3js.org" target="_blank" rel="noopener noreferrer">d3js.org</a></td>
<td><a href="https://d3js.org" target="_blank" rel="noreferrer">d3js.org</a></td>
</tr>
<tr>
<td>CKEditor</td>
<td><a href="http://ckeditor.com" target="_blank" rel="noopener noreferrer">ckeditor.com</a></td>
<td><a href="http://ckeditor.com" target="_blank" rel="noreferrer">ckeditor.com</a></td>
</tr>
<tr>
<td>RequireJS</td>
<td><a href="http://requirejs.org" target="_blank" rel="noopener noreferrer">requirejs.org</a></td>
<td><a href="http://requirejs.org" target="_blank" rel="noreferrer">requirejs.org</a></td>
</tr>
<tr>
<td>moment.js</td>
<td><a href="https://momentjs.com" target="_blank" rel="noopener noreferrer">momentjs.com</a></td>
<td><a href="https://momentjs.com" target="_blank" rel="noreferrer">momentjs.com</a></td>
</tr>
<tr>
<td>NProgress</td>
<td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noopener noreferrer">ricostacruz.com</a></td>
<td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noreferrer">ricostacruz.com</a></td>
</tr>
<tr>
<td>Autosize</td>
<td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noopener noreferrer">jacklmoore.com</a></td>
<td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noreferrer">jacklmoore.com</a></td>
</tr>
<tr>
<td>Cropper.js</td>
<td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noopener noreferrer">fengyuanchen.github.io</a></td>
<td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noreferrer">fengyuanchen.github.io</a></td>
</tr>
<tr>
<td>ImagesLoaded</td>
<td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noopener noreferrer">imagesloaded.desandro.com</a></td>
<td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noreferrer">imagesloaded.desandro.com</a></td>
</tr>
<tr>
<td>jQuery UI</td>
<td><a href="https://jqueryui.com" target="_blank" rel="noopener noreferrer">jqueryui.com</a></td>
<td><a href="https://jqueryui.com" target="_blank" rel="noreferrer">jqueryui.com</a></td>
</tr>
<tr>
<td>Twitter Bootstrap Plugin: DateTimePicker</td>
<td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noopener noreferrer">eonasdan.github.io</a></td>
<td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noreferrer">eonasdan.github.io</a></td>
</tr>
<tr>
<td>Twitter Bootstrap Plugin: Slider</td>
<td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noopener noreferrer">seiyria.com</a></td>
<td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noreferrer">seiyria.com</a></td>
</tr>
<tr>
<td>jQuery Plugin: Ajax AutoComplete</td>
<td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noopener noreferrer">devbridge.com</a></td>
<td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noreferrer">devbridge.com</a></td>
</tr>
<tr>
<td>jQuery Plugin: DataTables</td>
<td><a href="https://datatables.net" target="_blank" rel="noopener noreferrer">datatables.net</a></td>
<td><a href="https://datatables.net" target="_blank" rel="noreferrer">datatables.net</a></td>
</tr>
<tr>
<td>jQuery Plugin: MiniColors</td>
<td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noopener noreferrer">labs.abeautifulsite.net</a></td>
<td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noreferrer">labs.abeautifulsite.net</a></td>
</tr>
<tr>
<td>jQuery Plugin: Tab Override</td>
<td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noopener noreferrer">wjbryant.github.io</a></td>
<td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noreferrer">wjbryant.github.io</a></td>
</tr>
<tr>
<td>Neos (Form component)</td>
<td><a href="https://www.neos.io" target="_blank" rel="noopener noreferrer">neos.io</a></td>
<td><a href="https://www.neos.io" target="_blank" rel="noreferrer">neos.io</a></td>
</tr>
<tr>
<td>FineDiff</td>
<td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noopener noreferrer">github.com</a></td>
<td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noreferrer">github.com</a></td>
</tr>
<tr>
<td>IDNA Convert</td>
<td><a href="https://idnaconv.net" target="_blank" rel="noopener noreferrer">idnaconv.net</a></td>
<td><a href="https://idnaconv.net" target="_blank" rel="noreferrer">idnaconv.net</a></td>
</tr>
<tr>
<td>CodeMirror</td>
<td><a href="http://codemirror.net" target="_blank" rel="noopener noreferrer">codemirror.net</a></td>
<td><a href="http://codemirror.net" target="_blank" rel="noreferrer">codemirror.net</a></td>
</tr>
</table>
</div>
......@@ -541,7 +541,7 @@ class PageLayoutController
} else {
$externalUrl = htmlspecialchars(GeneralUtility::makeInstance(PageRepository::class)->getExtURL($this->pageinfo));
if ($externalUrl !== false) {
$externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noopener noreferrer">' . $externalUrl . '</a>';
$externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noreferrer">' . $externalUrl . '</a>';
$view->assignMultiple([
'title' => $this->pageinfo['title'],
'message' => sprintf($lang->getLL('pageIsExternalLinkMessage'), $externalUrlHtml),
......
......@@ -3830,29 +3830,29 @@ class BackendUtility
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:warranty.by'),
htmlspecialchars($loginCopyrightWarrantyProvider),
'<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noopener noreferrer">',
'<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noreferrer">',
'</a>'
);
} else {
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:no.warranty'),
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
'</a>'
);
}
$cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' .
$cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:typo3.cms') . '</a>. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:copyright') . ' &copy; '
. htmlspecialchars(TYPO3_copyright_year) . ' Kasper Sk&aring;rh&oslash;j. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:extension.copyright') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:details.link'),
'<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' . TYPO3_URL_GENERAL . '</a>'
'<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' . TYPO3_URL_GENERAL . '</a>'
) . ' ' .
strip_tags($warrantyNote, '<a>') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:free.software'),
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
'<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
'</a> '
)
. $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:keep.notice');
......
......@@ -43,7 +43,7 @@
<source>You are using an unsupported browser version.</source>
</trans-unit>
<trans-unit id="warning.incompatibleBrowserInternetExplorer" resname="warning.incompatibleBrowserInternetExplorer">
<source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noopener noreferrer" /&gt;a more modern browser version&lt;/a&gt;.</source>
<source>Please install &lt;a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noreferrer" /&gt;a more modern browser version&lt;/a&gt;.</source>
</trans-unit>
<trans-unit id="newsheadline" resname="newsheadline">
<source>Important Messages</source>
......
......@@ -100,8 +100,8 @@
<f:format.raw>{copyright}</f:format.raw>
</p>
<ul class="list-unstyled">
<li><a href="https://typo3.org" target="_blank" rel="noopener noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
<li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noopener noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
<li><a href="https://typo3.org" target="_blank" rel="noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
<li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
</ul>
</div>
</div>
......
......@@ -107,7 +107,7 @@ HTML;
Once you have found a solution to the problem, help others by contributing to the wiki page.
</p>
<p>
<a href="$wikiLink" target="_blank" rel="noopener noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
<a href="$wikiLink" target="_blank" rel="noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
</p>
</div>
</div>
......
......@@ -52,7 +52,7 @@ GFX:
description: 'If set, the processor_stripColorProfileCommand is used with all processor image operations by default. See tsRef for setting this parameter explicitly for IMAGE generation.'
processor_stripColorProfileCommand:
type: text
description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noopener noreferrer">imagemagick.org</a> for details'
description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noreferrer">imagemagick.org</a> for details'
processor_colorspace:
type: text
description: 'String: Specify the colorspace to use. Some ImageMagick versions (like 6.7.0 and above) use the sRGB colorspace, so all images are darker then the original. <br />Possible Values: CMY, CMYK, Gray, HCL, HSB, HSL, HWB, Lab, LCH, LMS, Log, Luv, OHTA, Rec601Luma, Rec601YCbCr, Rec709Luma, Rec709YCbCr, RGB, sRGB, Transparent, XYZ, YCbCr, YCC, YIQ, YCbCr, YUV'
......@@ -99,10 +99,10 @@ SYS:
description: 'Defines a list of IP addresses which will allow development-output to display. The debug() function will use this as a filter. See the function <code>\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP()</code> for details on syntax. Setting this to blank value will deny all. Setting to "*" will allow all.'
ddmmyy:
type: text
description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
hhmm:
type: text
description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
USdateFormat:
type: bool
description: 'If TRUE, dates entered in the TCEforms of the backend will be formatted mm-dd-yyyy'
......@@ -129,18 +129,18 @@ SYS:
description: 'Integer: memory_limit in MB: If more than 16, TYPO3 will try to use ini_set() to set the memory limit of PHP to the value. This works only if the function ini_set() is not disabled by your sysadmin.'
phpTimeZone:
type: text
description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noopener noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noopener noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
UTF8filesystem:
type: bool
description: |
<p>
If TRUE then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.
<strong>IMPORTANT:</strong> This requires a UTF-8 compatible locale in order to work. Otherwise problems with filenames containing special characters will occur.
See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.
See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.
</p>
systemLocale:
type: text
description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.'
description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.'
reverseProxyIP:
type: list
description: 'List of IP addresses. If TYPO3 is behind one or more (intransparent) reverse proxies the IP addresses must be added here.'
......@@ -181,13 +181,13 @@ SYS:
description: 'Classname to handle PHP errors. E.g.: TYPO3\CMS\Core\Error\ErrorHandler. This class displays and logs all errors that are registered as [SYS][errorHandlerErrors]. Leave empty to disable error handling. Errors will be logged and can be sent to the optionally installed developer log or to the "syslog" database table. If an error is registered in [SYS][exceptionalErrors] it will be turned into an exception to be handled by the configured exceptionHandler.'
errorHandlerErrors:
type: errors
description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
exceptionalErrors:
type: errors
description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noopener noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
belogErrorReporting:
type: errors
description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
generateApacheHtaccess:
type: bool
description: 'TYPO3 can create <em>.htaccess</em> files which are used by Apache Webserver. They are useful for access protection or performance improvements. Currently <em>.htaccess</em> files in the following directories are created, if they do not exist: <ul><li>typo3temp/compressor/</li></ul>You want to disable this feature, if you are not running Apache or want to use own rulesets.'
......@@ -529,7 +529,7 @@ MAIL:
description: '<em>only with transport=smtp</em>: &lt;server:port> of mailserver to connect to. &lt;port> defaults to "25".'
transport_smtp_encrypt:
type: text
description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noopener noreferrer"">stream_get_transports()</a>.'
description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noreferrer"">stream_get_transports()</a>.'
transport_smtp_username:
type: text
description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
......@@ -574,8 +574,8 @@ HTTP:
type: mixed
description: |
<p>Default single proxy server as &quot;proxy.example.org&quot;.</p>
<p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
<p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
<p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
<p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
ssl_key:
type: mixed
description: 'Mixed: Local certificate and an optional passphrase, see http://docs.guzzlephp.org/en/latest/request-options.html#ssl-key'
......
.. include:: ../../Includes.txt
=================================================================
Feature: #78488 - Add rel="noopener noreferrer" to external links
=================================================================
========================================================
Feature: #78488 - Add rel="noreferrer" to external links
========================================================
See :issue:`78488`
......@@ -10,18 +10,18 @@ Description
===========
All links processed by :ts:`typolink` with external links or using :html:`_blank`
have been extended to contain :html:`rel="noopener noreferrer"`.
have been extended to contain :html:`rel="noreferrer"`.
Impact
======
Both properties improve the security of the site:
This property improves the security of the site:
:html:`noopener`
This property instructs the browser to open the link without granting the new browsing context access to the document that opened it.
:html:`noreferrer`
This property prevents the browser, when navigating to another page, to send the page address, or any other value,
as referrer in according HTTP header.
as referrer in according HTTP header. :html:`noreferrer` also implies the property :html:`noopener`, which instructs
the browser to open the link without granting the new browsing context access to the document that opened it.
.. index:: Frontend
......@@ -25,7 +25,7 @@
<div class="callout-body">
{message}
<f:if condition="{errorCode} > 0">
<p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noopener noreferrer">online</a>.</p>
<p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noreferrer">online</a>.</p>
</f:if>
</div>
</div>
......
......@@ -47,7 +47,7 @@
<tr class="ter-ext-single-info-manual">
<th><f:translate key="extensionList.showAllVersions.manual" /></th>
<td>
<a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noopener noreferrer">
<a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noreferrer">
<f:translate key="extensionList.showAllVersions.readOnline" />
</a>
</td>
......
......@@ -5147,7 +5147,7 @@ class ContentObjectRenderer implements LoggerAwareInterface
protected function addSecurityRelValues(array $tagAttributes, ?string $target, string $url): array
{
$relAttribute = 'noopener noreferrer';
$relAttribute = 'noreferrer';
if ($target !== '_blank' || $this->isInternalUrl($url)) {
return $tagAttributes;
}
......
......@@ -2761,14 +2761,14 @@ class ContentObjectRendererTest extends UnitTestCase
'extTarget' => '_blank',
'title' => 'Open new window',
],
'<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
'<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
],
'Link to url with attributes in parameter' => [
'TYPO3',
[
'parameter' => 'http://typo3.org _blank url-class "Open new window"',
],
'<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
'<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
],
'Link to url with script tag' => [
'',
......
......@@ -324,8 +324,8 @@ class DocumentationFile
protected function parseContent(string $rstContent): string
{
$content = htmlspecialchars($rstContent);
$content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
$content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
$content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
$content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
$content = preg_replace('/(\n([=]*)\n(.*)\n([=]*)\n)/', '', $content, 1);
$content = preg_replace('/.. index::(.*)/', '', $content);
$content = preg_replace('/.. include::(.*)/', '', $content);
......
......@@ -42,7 +42,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noopener noreferrer">Composer dumpautoload</a>.
Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noreferrer">Composer dumpautoload</a>.
</div>
</f:then>
<f:else>
......
......@@ -12,7 +12,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noopener noreferrer">install the new source</a>.
Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noreferrer">install the new source</a>.
</div>
</f:then>
<f:else>
......
......@@ -6,7 +6,7 @@
upgrading to new core versions. However, the detection approach - based on static
code analysis - is limited by concept: false positives/negatives are impossible to avoid.
Further details can be found at
<a style="text-decoration: underline;" target="_blank" rel="noopener noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
<a style="text-decoration: underline;" target="_blank" rel="noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
the official docs.
</a>
</p>
......
......@@ -49,7 +49,7 @@
<td>###ACTIONLINKOPEN######ELEMENT######ACTIONLINKCLOSE###</td>
<td>###PATH###</td>
<td>###HEADLINK###</td>
<td><a href="###LINKTARGET###" target="_blank" rel="noopener noreferrer">###LINKTARGET###</a></td>
<td><a href="###LINKTARGET###" target="_blank" rel="noreferrer">###LINKTARGET###</a></td>
<td>###LINKMESSAGE###</td>
<td>###LASTCHECK###</td>
<td>###ACTIONLINKOPEN######ACTIONLINKICON######ACTIONLINKCLOSE###</td>
......
......@@ -2,7 +2,7 @@
<div id="typo3-topbar">
<div class="typo3-topbar-container" role="navigation" id="typo3-top-container">
<div class="typo3-topbar-site">
<a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noopener noreferrer">
<a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noreferrer">
<img src="{f:uri.resource(path: 'Images/typo3_logo_orange.svg', extensionName: 'backend')}" width="22" height="22" title="TYPO3 Content Management System" alt="">
</a>
<span class="typo3-topbar-site-name">{activeWorkspace}</span>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment