SafeTargetBlank
SafeTargetBlank secures your Rails application's use of the link_to helper.
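If you use the target="_blank" attribute on a link, you are leaving your users open to a very simple phishing attack: the page that opens receives a window.opener reference to your page and can navigate the original tab to another URL.
Adding rel="noopener noreferrer" to those links prevents this vulnerability.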
Read more about this issue here:
- https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
- https://dev.to/ben/the-targetblank-vulnerability-by-example
Installation
Add this line to your application's Gemfile:
gem 'safe_target_blank'
Now each time you use the link_to helper with target="_blank", rel="noopener noreferrer" will be added.
link_to 'Safe', 'safe.io', target: :_blank
#=> '<a target="_blank" rel="noopener noreferrer" href="safe.io">Safe</a>'
You can opt out with the opener and referrer options.
link_to 'Safe', 'safe.io', target: :_blank, referrer: true
#=> '<a target="_blank" rel="noopener" href="safe.io">Safe</a>'
Or disable it globally.
SafeTargetBlank.opener = true
link_to 'Safe', 'safe.io', target: :_blank
#=> '<a target="_blank" rel="noreferrer" href="safe.io">Safe</a>'
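To check rendered HTML for target="_blank" links that still lack one of the rel tokens (deliberate opt-outs, or anchors not built through link_to), an audit along these lines can help. This is an added example, not part of the gem; the method names and the sample markup are constructed for illustration.

```ruby
# Added example (not the gem's code): audit HTML for target="_blank"
# anchors whose rel attribute lacks noopener and/or noreferrer.
REQUIRED_REL = %w[noopener noreferrer].freeze
ANCHOR_TAG   = /<a\b[^>]*>/i
ATTRIBUTE    = /([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/

# Parse one opening <a ...> tag into a hash keyed by lower-cased attribute name.
def anchor_attributes(tag)
  tag.scan(ATTRIBUTE).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] = dq || sq || bare
  end
end

# Returns [[href, missing_tokens], ...] for every anchor that opens a new
# browsing context via target="_blank" without both rel tokens.
def unsafe_blank_links(html)
  html.scan(ANCHOR_TAG).filter_map do |tag|
    attrs = anchor_attributes(tag)
    # The _blank keyword is matched case-insensitively.
    next unless attrs["target"].to_s.casecmp?("_blank")

    rel_tokens = attrs["rel"].to_s.downcase.split
    missing = REQUIRED_REL - rel_tokens
    [attrs["href"], missing] unless missing.empty?
  end
end

# Constructed sample markup: one fully protected link, one per-link opt-out,
# one hand-written anchor with no rel at all, and one same-tab link.
SAMPLE_HTML = <<~HTML
  <a target="_blank" rel="noopener noreferrer" href="safe.io">Safe</a>
  <a target="_blank" rel="noopener" href="safe.io/referrer">Opt-out</a>
  <a href="https://example.com/raw" target='_BLANK'>Hand-written</a>
  <a href="/internal" rel="nofollow">Same tab</a>
HTML

if __FILE__ == $PROGRAM_NAME
  unsafe_blank_links(SAMPLE_HTML).each do |href, missing|
    puts "#{href}: missing rel #{missing.join(' ')}"
  end
end
```

Links reported with a single missing token are usually intentional opt-outs; the report lets a reviewer confirm each one.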
Contributing
After checking out the repo, run bin/setup to install dependencies.
Then, run rake to run the tests.
You can also run bin/console for an interactive prompt that will allow you to experiment.
Bug reports and pull requests are welcome on GitHub.
License
The gem is available as open source under the terms of the MIT License.