From 4351529f612ee248ca988322c6fe408b48d42a60 Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Sat, 23 Nov 2019 16:31:32 +0100
Subject: [PATCH] [BUGFIX] Use "noreferrer" instead of "noopener noreferrer"
Various patches introduced a feature to not send the referer
nor the opener information to external links.
However, just because others CMS do it this way,
one should carefully consider WHAT THESE THINGS DO.
So, adding "noreferrer" implicitly includes "noopener".
What this means is that we can save a lot of bytes, save the
environment by producing less bytes and sending them over the wire.
References:
- https://www.w3.org/TR/2011/WD-html5-20110113/links.html#link-type-noreferrer
- https://web.dev/external-anchors-use-rel-noopener/
- https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer
Relates: #78488
Relates: #89044
Resolves: #89757
Releases: master
Change-Id: Ia366169cd30da23f988bae04175fdaa18be418b2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62421
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog <look@susi.dev>
---
.../Private/Language/Modules/about.xlf | 8 +--
.../Resources/Private/Partials/Donation.html | 2 +-
.../Private/Partials/ExternalLibraries.html | 70 +++++++++----------
.../Controller/PageLayoutController.php | 2 +-
.../Classes/Utility/BackendUtility.php | 10 +--
.../Private/Language/locallang_login.xlf | 2 +-
.../Resources/Private/Layouts/Login.html | 4 +-
.../Classes/Error/DebugExceptionHandler.php | 2 +-
.../DefaultConfigurationDescription.yaml | 24 +++----
...-78488-AddRelNoreferrerToExternalLinks.rst | 27 +++++++
...ddRelnoopenerNoreferrerToExternalLinks.rst | 27 -------
.../Private/Templates/ErrorPage/Error.html | 2 +-
.../Templates/List/ShowAllVersions.html | 2 +-
.../ContentObject/ContentObjectRenderer.php | 2 +-
.../ContentObjectRendererTest.php | 4 +-
.../UpgradeAnalysis/DocumentationFile.php | 4 +-
.../Private/Templates/Maintenance/Cards.html | 2 +-
.../Private/Templates/Upgrade/Cards.html | 2 +-
.../Templates/Upgrade/ExtensionScanner.html | 2 +-
.../Private/Templates/mod_template.html | 2 +-
.../Private/Templates/Preview/Index.html | 2 +-
21 files changed, 101 insertions(+), 101 deletions(-)
create mode 100644 typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst
delete mode 100644 typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst
diff --git a/typo3/sysext/about/Resources/Private/Language/Modules/about.xlf b/typo3/sysext/about/Resources/Private/Language/Modules/about.xlf
index ab5cd3c34f64..93ec126bf1ed 100644
--- a/typo3/sysext/about/Resources/Private/Language/Modules/about.xlf
+++ b/typo3/sysext/about/Resources/Private/Language/Modules/about.xlf
@@ -25,22 +25,22 @@
<source>TYPO3 CMS - Professional Web Content Management System</source>
</trans-unit>
<trans-unit id="minor" resname="minor">
- <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.<br /><br />For further information visit <a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer">typo3.org</a>.<br /><br />TYPO3 CMS is <b>freely available</b> under the <a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank">TYPO3-license (GNU/GPL)</a>.<br /><br />You are using %s %s</source>
+ <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.<br /><br />For further information visit <a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer">typo3.org</a>.<br /><br />TYPO3 CMS is <b>freely available</b> under the <a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank">TYPO3-license (GNU/GPL)</a>.<br /><br />You are using %s %s</source>
</trans-unit>
<trans-unit id="cms_description" resname="cms_description">
- <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.<br /><br />For further information visit <a href="https://typo3.org/typo3-cms/" target="_blank" rel="noopener noreferrer">typo3.org</a>.<br /><br />TYPO3 CMS is <b>freely available</b> under the <a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank">TYPO3-license (GNU/GPL)</a>.<br /><br />You are using version %s - Copyright %s %s</source>
+ <source>TYPO3 CMS is an enterprise-class, Open Source Content Management System, used internationally to build and manage websites of all types, from small sites for non-profits to multilingual enterprise solutions for large corporations.<br /><br />For further information visit <a href="https://typo3.org/typo3-cms/" target="_blank" rel="noreferrer">typo3.org</a>.<br /><br />TYPO3 CMS is <b>freely available</b> under the <a href="https://typo3.org/typo3-cms/overview/licenses/" target="_blank">TYPO3-license (GNU/GPL)</a>.<br /><br />You are using version %s - Copyright %s %s</source>
</trans-unit>
<trans-unit id="community_credits" resname="community_credits">
<source>Community Credits</source>
</trans-unit>
<trans-unit id="information_detail" resname="information_detail">
- <source>Visit <a href="https://typo3.org/community/" target="_blank" rel="noopener noreferrer">typo3.org/community/</a> if you want to know why TYPO3 rocks.</source>
+ <source>Visit <a href="https://typo3.org/community/" target="_blank" rel="noreferrer">typo3.org/community/</a> if you want to know why TYPO3 rocks.</source>
</trans-unit>
<trans-unit id="coredevs" resname="coredevs">
<source>Core Team</source>
</trans-unit>
<trans-unit id="coredevs_detail" resname="coredevs_detail">
- <source>Visit <a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noopener noreferrer">typo3.org/teams-committees/core-development/</a> for the complete member list.<br /><br />The Git Repository and the ChangeLog can be found <a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank">here</a>.</source>
+ <source>Visit <a href="https://typo3.org/teams-committees/core-development/" target="_blank" rel="noreferrer">typo3.org/teams-committees/core-development/</a> for the complete member list.<br /><br />The Git Repository and the ChangeLog can be found <a href="https://forge.typo3.org/projects/typo3cms-core/" target="_blank">here</a>.</source>
</trans-unit>
<trans-unit id="extension_authors" resname="extension_authors">
<source>Extension Authors</source>
diff --git a/typo3/sysext/about/Resources/Private/Partials/Donation.html b/typo3/sysext/about/Resources/Private/Partials/Donation.html
index 0012c32b9852..fc8a7710e5db 100644
--- a/typo3/sysext/about/Resources/Private/Partials/Donation.html
+++ b/typo3/sysext/about/Resources/Private/Partials/Donation.html
@@ -6,7 +6,7 @@
<p>
{f:translate(key: 'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_message') -> f:format.raw()}
</p>
- <a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noopener noreferrer">
+ <a href="{donationUrl}" class="btn btn-default" title="{f:translate(key:'LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button')}" target="_blank" rel="noreferrer">
<f:translate key="LLL:EXT:about/Resources/Private/Language/Modules/about.xlf:donation_button" />
</a>
</div>
diff --git a/typo3/sysext/about/Resources/Private/Partials/ExternalLibraries.html b/typo3/sysext/about/Resources/Private/Partials/ExternalLibraries.html
index e794dd3d59c1..d7737b71ec59 100644
--- a/typo3/sysext/about/Resources/Private/Partials/ExternalLibraries.html
+++ b/typo3/sysext/about/Resources/Private/Partials/ExternalLibraries.html
@@ -10,143 +10,143 @@
<table class="table panel-table">
<tr>
<td>Composer</td>
- <td><a href="https://getcomposer.org" target="_blank" rel="noopener noreferrer">getcomposer.org</a></td>
+ <td><a href="https://getcomposer.org" target="_blank" rel="noreferrer">getcomposer.org</a></td>
</tr>
<tr>
<td>jQuery</td>
- <td><a href="https://jquery.com" target="_blank" rel="noopener noreferrer">jquery.com</a></td>
+ <td><a href="https://jquery.com" target="_blank" rel="noreferrer">jquery.com</a></td>
</tr>
<tr>
<td>Twitter Bootstrap</td>
- <td><a href="http://getbootstrap.com" target="_blank" rel="noopener noreferrer">getbootstrap.com</a></td>
+ <td><a href="http://getbootstrap.com" target="_blank" rel="noreferrer">getbootstrap.com</a></td>
</tr>
<tr>
<td>Doctrine Project (DBAL Component and Instantiator)</td>
- <td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noopener noreferrer">doctrine-project.org</a></td>
+ <td><a href="http://www.doctrine-project.org/projects/dbal.html" target="_blank" rel="noreferrer">doctrine-project.org</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Config</td>
- <td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/config.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Console</td>
- <td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/console.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: DependencyInjection</td>
- <td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/dependency_injection.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: ExpressionLanguage</td>
- <td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/expression_language.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Finder</td>
- <td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/finder.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Mailer</td>
- <td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/mailer.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Mime</td>
- <td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/mime.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: PropertyAccess</td>
- <td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/property_access.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: PropertyInfo</td>
- <td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/property_info.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: Routing</td>
- <td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/routing.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Symfony Framework Component: YAML</td>
- <td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noopener noreferrer">symfony.com</a></td>
+ <td><a href="https://symfony.com/doc/current/components/yaml.html" target="_blank" rel="noreferrer">symfony.com</a></td>
</tr>
<tr>
<td>Guzzle PHP</td>
- <td><a href="http://guzzlephp.org" target="_blank" rel="noopener noreferrer">guzzlephp.org</a></td>
+ <td><a href="http://guzzlephp.org" target="_blank" rel="noreferrer">guzzlephp.org</a></td>
</tr>
<tr>
<td>d3 Data Driven Documents</td>
- <td><a href="https://d3js.org" target="_blank" rel="noopener noreferrer">d3js.org</a></td>
+ <td><a href="https://d3js.org" target="_blank" rel="noreferrer">d3js.org</a></td>
</tr>
<tr>
<td>CKEditor</td>
- <td><a href="http://ckeditor.com" target="_blank" rel="noopener noreferrer">ckeditor.com</a></td>
+ <td><a href="http://ckeditor.com" target="_blank" rel="noreferrer">ckeditor.com</a></td>
</tr>
<tr>
<td>RequireJS</td>
- <td><a href="http://requirejs.org" target="_blank" rel="noopener noreferrer">requirejs.org</a></td>
+ <td><a href="http://requirejs.org" target="_blank" rel="noreferrer">requirejs.org</a></td>
</tr>
<tr>
<td>moment.js</td>
- <td><a href="https://momentjs.com" target="_blank" rel="noopener noreferrer">momentjs.com</a></td>
+ <td><a href="https://momentjs.com" target="_blank" rel="noreferrer">momentjs.com</a></td>
</tr>
<tr>
<td>NProgress</td>
- <td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noopener noreferrer">ricostacruz.com</a></td>
+ <td><a href="http://ricostacruz.com/nprogress/" target="_blank" rel="noreferrer">ricostacruz.com</a></td>
</tr>
<tr>
<td>Autosize</td>
- <td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noopener noreferrer">jacklmoore.com</a></td>
+ <td><a href="http://www.jacklmoore.com/autosize/" target="_blank" rel="noreferrer">jacklmoore.com</a></td>
</tr>
<tr>
<td>Cropper.js</td>
- <td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noopener noreferrer">fengyuanchen.github.io</a></td>
+ <td><a href="https://fengyuanchen.github.io/cropper/" target="_blank" rel="noreferrer">fengyuanchen.github.io</a></td>
</tr>
<tr>
<td>ImagesLoaded</td>
- <td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noopener noreferrer">imagesloaded.desandro.com</a></td>
+ <td><a href="http://imagesloaded.desandro.com" target="_blank" rel="noreferrer">imagesloaded.desandro.com</a></td>
</tr>
<tr>
<td>jQuery UI</td>
- <td><a href="https://jqueryui.com" target="_blank" rel="noopener noreferrer">jqueryui.com</a></td>
+ <td><a href="https://jqueryui.com" target="_blank" rel="noreferrer">jqueryui.com</a></td>
</tr>
<tr>
<td>Twitter Bootstrap Plugin: DateTimePicker</td>
- <td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noopener noreferrer">eonasdan.github.io</a></td>
+ <td><a href="https://eonasdan.github.io/bootstrap-datetimepicker/" target="_blank" rel="noreferrer">eonasdan.github.io</a></td>
</tr>
<tr>
<td>Twitter Bootstrap Plugin: Slider</td>
- <td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noopener noreferrer">seiyria.com</a></td>
+ <td><a href="http://seiyria.com/bootstrap-slider/" target="_blank" rel="noreferrer">seiyria.com</a></td>
</tr>
<tr>
<td>jQuery Plugin: Ajax AutoComplete</td>
- <td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noopener noreferrer">devbridge.com</a></td>
+ <td><a href="https://www.devbridge.com/sourcery/components/jquery-autocomplete/" target="_blank" rel="noreferrer">devbridge.com</a></td>
</tr>
<tr>
<td>jQuery Plugin: DataTables</td>
- <td><a href="https://datatables.net" target="_blank" rel="noopener noreferrer">datatables.net</a></td>
+ <td><a href="https://datatables.net" target="_blank" rel="noreferrer">datatables.net</a></td>
</tr>
<tr>
<td>jQuery Plugin: MiniColors</td>
- <td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noopener noreferrer">labs.abeautifulsite.net</a></td>
+ <td><a href="http://labs.abeautifulsite.net/jquery-minicolors/" target="_blank" rel="noreferrer">labs.abeautifulsite.net</a></td>
</tr>
<tr>
<td>jQuery Plugin: Tab Override</td>
- <td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noopener noreferrer">wjbryant.github.io</a></td>
+ <td><a href="http://wjbryant.github.io/taboverride/" target="_blank" rel="noreferrer">wjbryant.github.io</a></td>
</tr>
<tr>
<td>Neos (Form component)</td>
- <td><a href="https://www.neos.io" target="_blank" rel="noopener noreferrer">neos.io</a></td>
+ <td><a href="https://www.neos.io" target="_blank" rel="noreferrer">neos.io</a></td>
</tr>
<tr>
<td>FineDiff</td>
- <td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noopener noreferrer">github.com</a></td>
+ <td><a href="https://github.com/cogpowered/FineDiff" target="_blank" rel="noreferrer">github.com</a></td>
</tr>
<tr>
<td>IDNA Convert</td>
- <td><a href="https://idnaconv.net" target="_blank" rel="noopener noreferrer">idnaconv.net</a></td>
+ <td><a href="https://idnaconv.net" target="_blank" rel="noreferrer">idnaconv.net</a></td>
</tr>
<tr>
<td>CodeMirror</td>
- <td><a href="http://codemirror.net" target="_blank" rel="noopener noreferrer">codemirror.net</a></td>
+ <td><a href="http://codemirror.net" target="_blank" rel="noreferrer">codemirror.net</a></td>
</tr>
</table>
</div>
diff --git a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php
index a8a8730940b8..aadefce7ae62 100644
--- a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php
+++ b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php
@@ -541,7 +541,7 @@ class PageLayoutController
} else {
$externalUrl = htmlspecialchars(GeneralUtility::makeInstance(PageRepository::class)->getExtURL($this->pageinfo));
if ($externalUrl !== false) {
- $externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noopener noreferrer">' . $externalUrl . '</a>';
+ $externalUrlHtml = '<a href="' . $externalUrl . '" target="_blank" rel="noreferrer">' . $externalUrl . '</a>';
$view->assignMultiple([
'title' => $this->pageinfo['title'],
'message' => sprintf($lang->getLL('pageIsExternalLinkMessage'), $externalUrlHtml),
diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
index 836cfebabd9a..f60ce7353b76 100644
--- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php
+++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php
@@ -3830,29 +3830,29 @@ class BackendUtility
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:warranty.by'),
htmlspecialchars($loginCopyrightWarrantyProvider),
- '<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noopener noreferrer">',
+ '<a href="' . htmlspecialchars($loginCopyrightWarrantyURL) . '" target="_blank" rel="noreferrer">',
'</a>'
);
} else {
$warrantyNote = sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:no.warranty'),
- '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
+ '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
'</a>'
);
}
- $cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' .
+ $cNotice = '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:typo3.cms') . '</a>. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:copyright') . ' © '
. htmlspecialchars(TYPO3_copyright_year) . ' Kasper Skårhøj. ' .
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:extension.copyright') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:details.link'),
- '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noopener noreferrer">' . TYPO3_URL_GENERAL . '</a>'
+ '<a href="' . TYPO3_URL_GENERAL . '" target="_blank" rel="noreferrer">' . TYPO3_URL_GENERAL . '</a>'
) . ' ' .
strip_tags($warrantyNote, '<a>') . ' ' .
sprintf(
$lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:free.software'),
- '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noopener noreferrer">',
+ '<a href="' . TYPO3_URL_LICENSE . '" target="_blank" rel="noreferrer">',
'</a> '
)
. $lang->sL('LLL:EXT:backend/Resources/Private/Language/locallang_login.xlf:keep.notice');
diff --git a/typo3/sysext/backend/Resources/Private/Language/locallang_login.xlf b/typo3/sysext/backend/Resources/Private/Language/locallang_login.xlf
index 3c3bd33633ef..5c49474f962f 100644
--- a/typo3/sysext/backend/Resources/Private/Language/locallang_login.xlf
+++ b/typo3/sysext/backend/Resources/Private/Language/locallang_login.xlf
@@ -43,7 +43,7 @@
<source>You are using an unsupported browser version.</source>
</trans-unit>
<trans-unit id="warning.incompatibleBrowserInternetExplorer" resname="warning.incompatibleBrowserInternetExplorer">
- <source>Please install <a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noopener noreferrer" />a more modern browser version</a>.</source>
+ <source>Please install <a href="http://www.microsoft.com/internetexplorer/" target="_blank" rel="noreferrer" />a more modern browser version</a>.</source>
</trans-unit>
<trans-unit id="newsheadline" resname="newsheadline">
<source>Important Messages</source>
diff --git a/typo3/sysext/backend/Resources/Private/Layouts/Login.html b/typo3/sysext/backend/Resources/Private/Layouts/Login.html
index c203eaf52ee1..8fde4ee0c20b 100644
--- a/typo3/sysext/backend/Resources/Private/Layouts/Login.html
+++ b/typo3/sysext/backend/Resources/Private/Layouts/Login.html
@@ -100,8 +100,8 @@
<f:format.raw>{copyright}</f:format.raw>
</p>
<ul class="list-unstyled">
- <li><a href="https://typo3.org" target="_blank" rel="noopener noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
- <li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noopener noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
+ <li><a href="https://typo3.org" target="_blank" rel="noreferrer" class="t3-login-link-typo3"><i class="fa fa-external-link"></i> TYPO3.org</a></li>
+ <li><a href="https://typo3.org/donate/online-donation/" target="_blank" rel="noreferrer" class="t3-login-link-donate"><i class="fa fa-external-link"></i> <f:translate key="login.donate" /></a></li>
</ul>
</div>
</div>
diff --git a/typo3/sysext/core/Classes/Error/DebugExceptionHandler.php b/typo3/sysext/core/Classes/Error/DebugExceptionHandler.php
index 45cb819bcf64..d0ceab6d1293 100644
--- a/typo3/sysext/core/Classes/Error/DebugExceptionHandler.php
+++ b/typo3/sysext/core/Classes/Error/DebugExceptionHandler.php
@@ -107,7 +107,7 @@ HTML;
Once you have found a solution to the problem, help others by contributing to the wiki page.
</p>
<p>
- <a href="$wikiLink" target="_blank" rel="noopener noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
+ <a href="$wikiLink" target="_blank" rel="noreferrer">Find a solution for this exception in the TYPO3 wiki.</a>
</p>
</div>
</div>
diff --git a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
index 75950ec1cb23..65697aeb63f3 100644
--- a/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
+++ b/typo3/sysext/core/Configuration/DefaultConfigurationDescription.yaml
@@ -52,7 +52,7 @@ GFX:
description: 'If set, the processor_stripColorProfileCommand is used with all processor image operations by default. See tsRef for setting this parameter explicitly for IMAGE generation.'
processor_stripColorProfileCommand:
type: text
- description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noopener noreferrer">imagemagick.org</a> for details'
+ description: 'String: Specify the command to strip the profile information, which can reduce thumbnail size up to 60KB. Command can differ in IM/GM, IM also know the -strip command. See <a href="http://www.imagemagick.org/Usage/thumbnails/#profiles" target="_blank" rel="noreferrer">imagemagick.org</a> for details'
processor_colorspace:
type: text
description: 'String: Specify the colorspace to use. Some ImageMagick versions (like 6.7.0 and above) use the sRGB colorspace, so all images are darker then the original. <br />Possible Values: CMY, CMYK, Gray, HCL, HSB, HSL, HWB, Lab, LCH, LMS, Log, Luv, OHTA, Rec601Luma, Rec601YCbCr, Rec709Luma, Rec709YCbCr, RGB, sRGB, Transparent, XYZ, YCbCr, YCC, YIQ, YCbCr, YUV'
@@ -99,10 +99,10 @@ SYS:
description: 'Defines a list of IP addresses which will allow development-output to display. The debug() function will use this as a filter. See the function <code>\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP()</code> for details on syntax. Setting this to blank value will deny all. Setting to "*" will allow all.'
ddmmyy:
type: text
- description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
+ description: 'Format of Day-Month-Year - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
hhmm:
type: text
- description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noopener noreferrer">date()</a>'
+ description: 'Format of Hours-Minutes - see PHP-function <a href="http://php.net/date" target="_blank" rel="noreferrer">date()</a>'
USdateFormat:
type: bool
description: 'If TRUE, dates entered in the TCEforms of the backend will be formatted mm-dd-yyyy'
@@ -129,18 +129,18 @@ SYS:
description: 'Integer: memory_limit in MB: If more than 16, TYPO3 will try to use ini_set() to set the memory limit of PHP to the value. This works only if the function ini_set() is not disabled by your sysadmin.'
phpTimeZone:
type: text
- description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noopener noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noopener noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
+ description: 'timezone to force for all date() and mktime() functions. A list of supported values can be found at <a href="http://php.net/manual/en/timezones.php" target="_blank" rel="noreferrer">php.net</a>. If this is not set, a valid fallback will be searched for by PHP (php.ini''s <a href="http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone" target="_blank" rel="noreferrer">date.timezone</a> setting, server defaults, etc); and if no fallback is found, the value of "UTC" is used instead.'
UTF8filesystem:
type: bool
description: |
<p>
If TRUE then TYPO3 uses utf-8 to store file names. This allows for accented Latin letters as well as any other non-latin characters like Cyrillic and Chinese.
<strong>IMPORTANT:</strong> This requires a UTF-8 compatible locale in order to work. Otherwise problems with filenames containing special characters will occur.
- See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.
+ See [SYS][systemLocale] and <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.
</p>
systemLocale:
type: text
- description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noopener noreferrer">setlocale()</a>.'
+ description: 'Locale used for certain system related functions, e.g. escaping shell commands. If problems with filenames containing special characters occur, the value of this option is probably wrong. See <a href="http://php.net/manual/en/function.setlocale.php" target="_blank" rel="noreferrer">setlocale()</a>.'
reverseProxyIP:
type: list
description: 'List of IP addresses. If TYPO3 is behind one or more (intransparent) reverse proxies the IP addresses must be added here.'
@@ -181,13 +181,13 @@ SYS:
description: 'Classname to handle PHP errors. E.g.: TYPO3\CMS\Core\Error\ErrorHandler. This class displays and logs all errors that are registered as [SYS][errorHandlerErrors]. Leave empty to disable error handling. Errors will be logged and can be sent to the optionally installed developer log or to the "syslog" database table. If an error is registered in [SYS][exceptionalErrors] it will be turned into an exception to be handled by the configured exceptionHandler.'
errorHandlerErrors:
type: errors
- description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
+ description: 'The E_* constant that will be handled by the [SYS][errorHandler]. Not all PHP error types can be handled! Default is 30466 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
exceptionalErrors:
type: errors
- description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noopener noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
+ description: 'The E_* constant that will be converted into an exception by the default [SYS][errorHandler]. Default is 4096 = <code>E_ALL & ~(E_STRICT | E_NOTICE | E_COMPILE_WARNING | E_COMPILE_ERROR | E_CORE_WARNING | E_CORE_ERROR | E_PARSE | E_ERROR | E_DEPRECATED | E_USER_DEPRECATED | E_WARNING | E_USER_ERROR | E_USER_NOTICE | E_USER_WARNING)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank rel="noreferrer"">PHP documentation</a>). E_USER_DEPRECATED is always excluded to avoid exceptions to be thrown for deprecation messages.'
belogErrorReporting:
type: errors
- description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noopener noreferrer">PHP documentation</a>).'
+ description: 'Configures which PHP errors should be logged to the "syslog" database table (extension: belog). If set to "0" no PHP errors are logged to the sys_log table. Default is 30711 = <code>E_ALL & ~(E_STRICT | E_NOTICE)</code> (see <a href="http://php.net/manual/en/errorfunc.constants.php" target="_blank" rel="noreferrer">PHP documentation</a>).'
generateApacheHtaccess:
type: bool
description: 'TYPO3 can create <em>.htaccess</em> files which are used by Apache Webserver. They are useful for access protection or performance improvements. Currently <em>.htaccess</em> files in the following directories are created, if they do not exist: <ul><li>typo3temp/compressor/</li></ul>You want to disable this feature, if you are not running Apache or want to use own rulesets.'
@@ -529,7 +529,7 @@ MAIL:
description: '<em>only with transport=smtp</em>: <server:port> of mailserver to connect to. <port> defaults to "25".'
transport_smtp_encrypt:
type: text
- description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noopener noreferrer"">stream_get_transports()</a>.'
+ description: '<em>only with transport=smtp</em>: Connect to the server using the specified transport protocol. Requires openssl library. Usually available: <em>ssl, sslv2, sslv3, tls</em>. Check <a href="http://www.php.net/stream_get_transports" target="_blank rel="noreferrer"">stream_get_transports()</a>.'
transport_smtp_username:
type: text
description: '<em>only with transport=smtp</em>: If your SMTP server requires authentication, enter your username here.'
@@ -574,8 +574,8 @@ HTTP:
type: mixed
description: |
<p>Default single proxy server as "proxy.example.org".</p>
- <p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
- <p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noopener noreferrer">the documentation</a> for details.</p>
+ <p>Multiple proxies for different protocols can be added separately as array as well as authentication and port; see <a href="http://docs.guzzlephp.org/en/latest/request-options.html#proxy" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
+ <p>The configuration with an array must be made in the <code>AdditionalConfiguration.php</code>; see <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/GlobalValues/Typo3ConfVars/Index.html#file-additionalconfiguration-php" target="_blank" rel="noreferrer">the documentation</a> for details.</p>
ssl_key:
type: mixed
description: 'Mixed: Local certificate and an optional passphrase, see http://docs.guzzlephp.org/en/latest/request-options.html#ssl-key'
diff --git a/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst b/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst
new file mode 100644
index 000000000000..cb2fb04b23cc
--- /dev/null
+++ b/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelNoreferrerToExternalLinks.rst
@@ -0,0 +1,27 @@
+.. include:: ../../Includes.txt
+
+========================================================
+Feature: #78488 - Add rel="noreferrer" to external links
+========================================================
+
+See :issue:`78488`
+
+Description
+===========
+
+All links processed by :ts:`typolink` with external links or using :html:`_blank`
+have been extended to contain :html:`rel="noreferrer"`.
+
+
+Impact
+======
+
+This property improves the security of the site:
+
+:html:`noreferrer`
+ This property prevents the browser, when navigating to another page, to send the page address, or any other value,
+ as referrer in according HTTP header. :html:`noreferrer` also implies the property :html:`noopener`, which instructs
+ the browser to open the link without granting the new browsing context access to the document that opened it.
+
+
+.. index:: Frontend
diff --git a/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst b/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst
deleted file mode 100644
index 98f7a7bad1dc..000000000000
--- a/typo3/sysext/core/Documentation/Changelog/10.1/Feature-78488-AddRelnoopenerNoreferrerToExternalLinks.rst
+++ /dev/null
@@ -1,27 +0,0 @@
-.. include:: ../../Includes.txt
-
-=================================================================
-Feature: #78488 - Add rel="noopener noreferrer" to external links
-=================================================================
-
-See :issue:`78488`
-
-Description
-===========
-
-All links processed by :ts:`typolink` with external links or using :html:`_blank`
-have been extended to contain :html:`rel="noopener noreferrer"`.
-
-
-Impact
-======
-
-Both properties improve the security of the site:
-
-:html:`noopener`
- This property instructs the browser to open the link without granting the new browsing context access to the document that opened it.
-:html:`noreferrer`
- This property prevents the browser, when navigating to another page, to send the page address, or any other value,
- as referrer in according HTTP header.
-
-.. index:: Frontend
diff --git a/typo3/sysext/core/Resources/Private/Templates/ErrorPage/Error.html b/typo3/sysext/core/Resources/Private/Templates/ErrorPage/Error.html
index 2ca155c16171..9894c0d7c4f6 100644
--- a/typo3/sysext/core/Resources/Private/Templates/ErrorPage/Error.html
+++ b/typo3/sysext/core/Resources/Private/Templates/ErrorPage/Error.html
@@ -25,7 +25,7 @@
<div class="callout-body">
{message}
<f:if condition="{errorCode} > 0">
- <p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noopener noreferrer">online</a>.</p>
+ <p>More information regarding this error might be available <a href="{errorCodeUrlPrefix}{errorCode}" target="_blank" rel="noreferrer">online</a>.</p>
</f:if>
</div>
</div>
diff --git a/typo3/sysext/extensionmanager/Resources/Private/Templates/List/ShowAllVersions.html b/typo3/sysext/extensionmanager/Resources/Private/Templates/List/ShowAllVersions.html
index aaebad9df20d..a1460d778016 100644
--- a/typo3/sysext/extensionmanager/Resources/Private/Templates/List/ShowAllVersions.html
+++ b/typo3/sysext/extensionmanager/Resources/Private/Templates/List/ShowAllVersions.html
@@ -47,7 +47,7 @@
<tr class="ter-ext-single-info-manual">
<th><f:translate key="extensionList.showAllVersions.manual" /></th>
<td>
- <a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noopener noreferrer">
+ <a href="{f:if(condition:currentVersion.documentationLink,then:currentVersion.documentationLink,else:'https://docs.typo3.org/typo3cms/extensions/{currentVersion.extensionKey}/')}" target="_blank" rel="noreferrer">
<f:translate key="extensionList.showAllVersions.readOnline" />
</a>
</td>
diff --git a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
index 878ede0f4ce0..3ea79b2a0be9 100644
--- a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
+++ b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
@@ -5147,7 +5147,7 @@ class ContentObjectRenderer implements LoggerAwareInterface
protected function addSecurityRelValues(array $tagAttributes, ?string $target, string $url): array
{
- $relAttribute = 'noopener noreferrer';
+ $relAttribute = 'noreferrer';
if ($target !== '_blank' || $this->isInternalUrl($url)) {
return $tagAttributes;
}
diff --git a/typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php b/typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php
index e321ff8f4936..defd00bcb064 100644
--- a/typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php
+++ b/typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php
@@ -2761,14 +2761,14 @@ class ContentObjectRendererTest extends UnitTestCase
'extTarget' => '_blank',
'title' => 'Open new window',
],
- '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
+ '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
],
'Link to url with attributes in parameter' => [
'TYPO3',
[
'parameter' => 'http://typo3.org _blank url-class "Open new window"',
],
- '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noopener noreferrer">TYPO3</a>',
+ '<a href="http://typo3.org" title="Open new window" target="_blank" class="url-class" rel="noreferrer">TYPO3</a>',
],
'Link to url with script tag' => [
'',
diff --git a/typo3/sysext/install/Classes/UpgradeAnalysis/DocumentationFile.php b/typo3/sysext/install/Classes/UpgradeAnalysis/DocumentationFile.php
index 4df72343cab9..3e0e55746081 100644
--- a/typo3/sysext/install/Classes/UpgradeAnalysis/DocumentationFile.php
+++ b/typo3/sysext/install/Classes/UpgradeAnalysis/DocumentationFile.php
@@ -324,8 +324,8 @@ class DocumentationFile
protected function parseContent(string $rstContent): string
{
$content = htmlspecialchars($rstContent);
- $content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
- $content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noopener noreferrer">\\1</a>', $content);
+ $content = preg_replace('/:issue:`([\d]*)`/', '<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
+ $content = preg_replace('/#([\d]*)/', '#<a href="https://forge.typo3.org/issues/\\1" target="_blank" rel="noreferrer">\\1</a>', $content);
$content = preg_replace('/(\n([=]*)\n(.*)\n([=]*)\n)/', '', $content, 1);
$content = preg_replace('/.. index::(.*)/', '', $content);
$content = preg_replace('/.. include::(.*)/', '', $content);
diff --git a/typo3/sysext/install/Resources/Private/Templates/Maintenance/Cards.html b/typo3/sysext/install/Resources/Private/Templates/Maintenance/Cards.html
index 08d4242f7c62..f11e37cd00a7 100644
--- a/typo3/sysext/install/Resources/Private/Templates/Maintenance/Cards.html
+++ b/typo3/sysext/install/Resources/Private/Templates/Maintenance/Cards.html
@@ -42,7 +42,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
- Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noopener noreferrer">Composer dumpautoload</a>.
+ Guide: <a href="https://docs.typo3.org/m/typo3/reference-coreapi/master/en-us/ApiOverview/Autoloading/Index.html#loading-classes-with-composer-mode" target="_blank" rel="noreferrer">Composer dumpautoload</a>.
</div>
</f:then>
<f:else>
diff --git a/typo3/sysext/install/Resources/Private/Templates/Upgrade/Cards.html b/typo3/sysext/install/Resources/Private/Templates/Upgrade/Cards.html
index e3f4403782b8..46d6496e74d8 100644
--- a/typo3/sysext/install/Resources/Private/Templates/Upgrade/Cards.html
+++ b/typo3/sysext/install/Resources/Private/Templates/Upgrade/Cards.html
@@ -12,7 +12,7 @@
<f:then>
<div class="card-footer text-muted">
You can't use this feature, because your installation is in composer mode.
- Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noopener noreferrer">install the new source</a>.
+ Guide: <a href="https://docs.typo3.org/m/typo3/guide-installation/master/en-us/Upgrade/InstallTheNewSource/Index.html" target="_blank" rel="noreferrer">install the new source</a>.
</div>
</f:then>
<f:else>
diff --git a/typo3/sysext/install/Resources/Private/Templates/Upgrade/ExtensionScanner.html b/typo3/sysext/install/Resources/Private/Templates/Upgrade/ExtensionScanner.html
index b95c4cdc0a4d..77768a54a15b 100644
--- a/typo3/sysext/install/Resources/Private/Templates/Upgrade/ExtensionScanner.html
+++ b/typo3/sysext/install/Resources/Private/Templates/Upgrade/ExtensionScanner.html
@@ -6,7 +6,7 @@
upgrading to new core versions. However, the detection approach - based on static
code analysis - is limited by concept: false positives/negatives are impossible to avoid.
Further details can be found at
- <a style="text-decoration: underline;" target="_blank" rel="noopener noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
+ <a style="text-decoration: underline;" target="_blank" rel="noreferrer" href="https://docs.typo3.org/typo3cms/CoreApiReference/ApiOverview/ExtensionScanner/Index.html">
the official docs.
</a>
</p>
diff --git a/typo3/sysext/linkvalidator/Resources/Private/Templates/mod_template.html b/typo3/sysext/linkvalidator/Resources/Private/Templates/mod_template.html
index fc2b934edd83..f722a3ada2d2 100644
--- a/typo3/sysext/linkvalidator/Resources/Private/Templates/mod_template.html
+++ b/typo3/sysext/linkvalidator/Resources/Private/Templates/mod_template.html
@@ -49,7 +49,7 @@
<td>###ACTIONLINKOPEN######ELEMENT######ACTIONLINKCLOSE###</td>
<td>###PATH###</td>
<td>###HEADLINK###</td>
- <td><a href="###LINKTARGET###" target="_blank" rel="noopener noreferrer">###LINKTARGET###</a></td>
+ <td><a href="###LINKTARGET###" target="_blank" rel="noreferrer">###LINKTARGET###</a></td>
<td>###LINKMESSAGE###</td>
<td>###LASTCHECK###</td>
<td>###ACTIONLINKOPEN######ACTIONLINKICON######ACTIONLINKCLOSE###</td>
diff --git a/typo3/sysext/workspaces/Resources/Private/Templates/Preview/Index.html b/typo3/sysext/workspaces/Resources/Private/Templates/Preview/Index.html
index 1746f6625e65..5e407fca85ae 100644
--- a/typo3/sysext/workspaces/Resources/Private/Templates/Preview/Index.html
+++ b/typo3/sysext/workspaces/Resources/Private/Templates/Preview/Index.html
@@ -2,7 +2,7 @@
<div id="typo3-topbar">
<div class="typo3-topbar-container" role="navigation" id="typo3-top-container">
<div class="typo3-topbar-site">
- <a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noopener noreferrer">
+ <a class="typo3-topbar-site-logo" href="{logoLink}" target="_blank" rel="noreferrer">
<img src="{f:uri.resource(path: 'Images/typo3_logo_orange.svg', extensionName: 'backend')}" width="22" height="22" title="TYPO3 Content Management System" alt="">
</a>
<span class="typo3-topbar-site-name">{activeWorkspace}</span>
--
GitLab