Enforcing noopener noreferrer with grunt-htmllint





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















I recently was using create-react-app and noticed that the <a> tag in App.js was using the noopener noreferrer attributes. I also noticed that scattered throughout our code-base, are <a> tags which do not use the above attributes.



I wanted to, using grunt-htmllint, add a rule that would enforce the adding of these attributes but am having trouble with the value that I should add to what I think would be "tag-req-attr".



The documentation for the rule is listed here, but the usage for me is confusing. How can I set the specified <a> tag to include said rules?



I am looking for a way to enforce that the rel attribute contains both noopener and noreferrere.g.:



<a href="#" target="_blank" rel="noopener noreferrer">My Link</a>



Thanks






gruntjs static-analysis







share|improve this question

























  • You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

    – RobC
    Jan 4 at 19:23




















0















I recently was using create-react-app and noticed that the <a> tag in App.js was using the noopener noreferrer attributes. I also noticed that scattered throughout our code-base, are <a> tags which do not use the above attributes.



I wanted to, using grunt-htmllint, add a rule that would enforce the adding of these attributes but am having trouble with the value that I should add to what I think would be "tag-req-attr".



The documentation for the rule is listed here, but the usage for me is confusing. How can I set the specified <a> tag to include said rules?



I am looking for a way to enforce that the rel attribute contains both noopener and noreferrere.g.:



<a href="#" target="_blank" rel="noopener noreferrer">My Link</a>



Thanks






gruntjs static-analysis







share|improve this question

























  • You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

    – RobC
    Jan 4 at 19:23
















0












0








0








I recently was using create-react-app and noticed that the <a> tag in App.js was using the noopener noreferrer attributes. I also noticed that scattered throughout our code-base, are <a> tags which do not use the above attributes.



I wanted to, using grunt-htmllint, add a rule that would enforce the adding of these attributes but am having trouble with the value that I should add to what I think would be "tag-req-attr".



The documentation for the rule is listed here, but the usage for me is confusing. How can I set the specified <a> tag to include said rules?



I am looking for a way to enforce that the rel attribute contains both noopener and noreferrere.g.:



<a href="#" target="_blank" rel="noopener noreferrer">My Link</a>



Thanks






gruntjs static-analysis







share|improve this question
















I recently was using create-react-app and noticed that the <a> tag in App.js was using the noopener noreferrer attributes. I also noticed that scattered throughout our code-base, are <a> tags which do not use the above attributes.



I wanted to, using grunt-htmllint, add a rule that would enforce the adding of these attributes but am having trouble with the value that I should add to what I think would be "tag-req-attr".



The documentation for the rule is listed here, but the usage for me is confusing. How can I set the specified <a> tag to include said rules?



I am looking for a way to enforce that the rel attribute contains both noopener and noreferrere.g.:



<a href="#" target="_blank" rel="noopener noreferrer">My Link</a>



Thanks






gruntjs static-analysis




gruntjs static-analysis






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 4 at 19:06







User 5842

















asked Jan 4 at 16:00









User 5842User 5842

877925




877925













  • You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

    – RobC
    Jan 4 at 19:23





















  • You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

    – RobC
    Jan 4 at 19:23



















You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

– RobC
Jan 4 at 19:23







You probably want the link-req-noopener option instead. So in the options object of your grunt-htmllint task you add 'link-req-noopener': true . However the description for link-rel-no-opener states: "If set, each a tag with target="_blank" must have a rel="noopener" or rel="noreferrer" attribute." - Intentional emphasis on "or", so I don't think it works with both values present.

– RobC
Jan 4 at 19:23














1 Answer
1






active

oldest

votes


















0














According to, https://developers.google.com/web/tools/lighthouse/audits/noopener, it looks like noreferrer handles both cases: rel="noreferrer" attribute has the same effect, but also prevents the Referer header from being sent to the new page.



In that case, simply using the link-req-noopener rule should be sufficient.






share|improve this answer
























  • The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

    – RobC
    Jan 4 at 19:33












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54042333%2fenforcing-noopener-noreferrer-with-grunt-htmllint%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














According to, https://developers.google.com/web/tools/lighthouse/audits/noopener, it looks like noreferrer handles both cases: rel="noreferrer" attribute has the same effect, but also prevents the Referer header from being sent to the new page.



In that case, simply using the link-req-noopener rule should be sufficient.






share|improve this answer
























  • The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

    – RobC
    Jan 4 at 19:33
















0














According to, https://developers.google.com/web/tools/lighthouse/audits/noopener, it looks like noreferrer handles both cases: rel="noreferrer" attribute has the same effect, but also prevents the Referer header from being sent to the new page.



In that case, simply using the link-req-noopener rule should be sufficient.






share|improve this answer
























  • The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

    – RobC
    Jan 4 at 19:33














0












0








0







According to, https://developers.google.com/web/tools/lighthouse/audits/noopener, it looks like noreferrer handles both cases: rel="noreferrer" attribute has the same effect, but also prevents the Referer header from being sent to the new page.



In that case, simply using the link-req-noopener rule should be sufficient.






share|improve this answer













According to, https://developers.google.com/web/tools/lighthouse/audits/noopener, it looks like noreferrer handles both cases: rel="noreferrer" attribute has the same effect, but also prevents the Referer header from being sent to the new page.



In that case, simply using the link-req-noopener rule should be sufficient.







share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 4 at 19:26









User 5842User 5842

877925




877925













  • The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

    – RobC
    Jan 4 at 19:33



















  • The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

    – RobC
    Jan 4 at 19:33

















The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

– RobC
Jan 4 at 19:33





The link-req-noopener option fails if both noopener and noreferrer exist as values for the rel attribute as per the html fragment in your question.

– RobC
Jan 4 at 19:33




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54042333%2fenforcing-noopener-noreferrer-with-grunt-htmllint%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Mossoró

Image
  Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
Read more

Cannot access a disposed object : DataContext

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I'm using TCPClient to connect to device and get some data as a strings, then I'm trying to save data to DB and getting "Cannot access a disposed object" error." Maybe problem is because I'm trying to save to DB from async callback function? Please take a look, here are two functions: first one gets network stream, already connected to the device and starts reading data, second one is callback: private void ReadDataAsync(NetworkStream nwStream) { byte buffer = new byte[1024]; messageStream mStream = new messageStream(nwStream, buffer); if (nwS...
Read more

Can't read property showImagePicker of undefined in react native iOS

Image
1 I have tired with this issue npm install react-native-image-picker@latest --save react-native link react-native-image-picker import ImagePicker from 'react-native-image-picker'; const options = { quality: 1.0, maxWidth: 500, maxHeight: 500, storageOptions: { skipBackup: true } }; ImagePicker.showImagePicker(options, (response) => { console.log('Response = ', response); if (response.didCancel) { console.log('User cancelled image picker'); } else if (response.error) { console.log('ImagePicker Error: ', response.error); } else if (response.customButton) { console.log('User tapped custom button: ', response.customButton); } else { ...
Read more