Security bug: WAnchor should set rel="noopener" when opening a link that opens in a new window
Wt::WLink supports the very useful LinkTarget::NewWindow, which can be used to have a WAnchor element open a link in a new window. In HTML, such a link is rendered as follows:
<a id=".." href=".." target="_blank">..</a>
In newer browsers, the behavior has been changed to not allow access to the opener unless rel="opener" is set on the link explicitly, which is a safer default.
To behave consistently and securely across browsers, Wt should set rel="noopener" on all links that open in a new window.
Other improvements to consider:
- Wt could provide an option to set rel="opener" (maybe by introducing a new LinkTarget value like NewWindowWithOpener) but I'm not sure it makes sense for Wt apps.
- Wt could provide an option to set rel="noreferrer". It's currently possible to do this via setAttributeValue() on the WAnchor object, but it might make sense for this to be part of the WLink instead.
No data to display