Comments: Add `noopener noreferrer` to author links in list table.

When viewing the listing of all comments, author links previously passed referrer information to untrusted URLs.  This change adds `noreferrer` to each author link, as well as `noopener` to prevent the passing of information about the parent window.

Props cybr, adam3128, erayalakese, andraganescu, audrasjb, joedolson, sabernhardt. 
Fixes #40916.
Built from https://develop.svn.wordpress.org/trunk@52007


git-svn-id: http://core.svn.wordpress.org/trunk@51596 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
davidbaumwald 2021-11-03 20:02:02 +00:00
parent aa62c253e0
commit 2e249395de
2 changed files with 7 additions and 2 deletions

View File

@ -947,7 +947,12 @@ class WP_Comments_List_Table extends WP_List_Table {
echo '</strong><br />'; echo '</strong><br />';
if ( ! empty( $author_url_display ) ) { if ( ! empty( $author_url_display ) ) {
printf( '<a href="%s">%s</a><br />', esc_url( $author_url ), esc_html( $author_url_display ) ); // Print link to author URL, and disallow referrer information (without using target="_blank").
printf(
'<a href="%s" rel="noopener noreferrer">%s</a><br />',
esc_url( $author_url ),
esc_html( $author_url_display )
);
} }
if ( $this->user_can ) { if ( $this->user_can ) {

View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.9-alpha-52006'; $wp_version = '5.9-alpha-52007';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.