No commit activity in last 3 years
No release in over 3 years
Adds noopener and noreferrer to target blank links in a Rails application.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 2.1
~> 1.11
~> 0.8
~> 10.0
~> 3.0

Runtime

>= 0
 Project Readme

SafeTargetBlank

Gem Version Build Coverage Status

SafeTargetBlank will secure your rails Application use of link_to helper.

If you use the target="_blank" attribute on a link, you are leaving your users open to a very simple phishing attack. Adding rel="noopener noreferrer" on those links will prevent this vulnerability.

Read more about this issue here:

Installation

Add this line to your application's Gemfile:

gem 'safe_target_blank'

Now each time you use the link_to helper with target="_blank", rel="noopener noreferrer" will be added.

link_to 'Safe', 'safe.io', target: :_blank
#=> '<a target="_blank" rel="noopener noreferrer" href="safe.io">Safe</a>'

You can opt out with opener and referrer options.

link_to 'Safe', 'safe.io', target: :_blank, referrer: true
#=> '<a target="_blank" rel="noopener" href="safe.io">Safe</a>'

Or disable it globally.

SafeTargetBlank.opener = true
link_to 'Safe', 'safe.io', target: :_blank
#=> '<a target="_blank" rel="noreferrer" href="safe.io">Safe</a>'

Contributing

After checking out the repo, run bin/setup to install dependencies. Then, run rake to run the tests.

You can also run bin/console for an interactive prompt that will allow you to experiment.

Bug reports and pull requests are welcome on GitHub.

License

The gem is available as open source under the terms of the MIT License.