noBlankTarget
このコンテンツはまだ日本語訳がありません。
Diagnostic Category: lint/a11y/noBlankTarget
Since: v1.0.0
Sources:
- Same as:
react/jsx-no-target-blank
Disallow target="_blank"
attribute without rel="noreferrer"
When creating anchor a
element, there are times when its link has to be opened in a new browser tab
via target="_blank"
attribute. This attribute has to paired with rel="noreferrer"
or you’re incur
in a security issue.
Refer to the noreferrer documentation and the the noopener documentation
Examples
Section titled ExamplesInvalid
Section titled Invalidcode-block.jsx:1:32 lint/a11y/noBlankTarget FIXABLE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✖ Avoid using target=“_blank” without rel=“noreferrer”.
> 1 │ <a href=‘http://external.link’ target=’_blank’>child</a>
│ ^^^^^^^^^^^^^^^
2 │
ℹ Opening external links in new tabs without rel=“noreferrer” is a security risk. See the explanation for more details.
ℹ Safe fix: Add the rel=“noreferrer” attribute.
1 │ <a·href=‘http://external.link’·target=’_blank’·rel=“noreferrer”>child</a>
│ +++++++++++++++++
code-block.jsx:1:32 lint/a11y/noBlankTarget FIXABLE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✖ Avoid using target=“_blank” without rel=“noreferrer”.
> 1 │ <a href=‘http://external.link’ target=’_blank’ rel=‘noopener’>child</a>
│ ^^^^^^^^^^^^^^^
2 │
ℹ Opening external links in new tabs without rel=“noreferrer” is a security risk. See the explanation for more details.
ℹ Safe fix: Add the “noreferrer” to the existing attribute.
1 │ - <a·href=‘http://external.link’·target=’_blank’·rel=‘noopener’>child</a>
1 │ + <a·href=‘http://external.link’·target=’_blank’·rel=“noreferrer·noopener”>child</a>
2 2 │
code-block.jsx:1:43 lint/a11y/noBlankTarget FIXABLE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✖ Avoid using target=“_blank” without rel=“noreferrer”.
> 1 │ <a {…props} href=‘http://external.link’ target=’_blank’ rel=‘noopener’>child</a>
│ ^^^^^^^^^^^^^^^
2 │
ℹ Opening external links in new tabs without rel=“noreferrer” is a security risk. See the explanation for more details.
ℹ Safe fix: Add the “noreferrer” to the existing attribute.
1 │ - <a·{...props}·href=‘http://external.link’·target=’_blank’·rel=‘noopener’>child</a>
1 │ + <a·{...props}·href=‘http://external.link’·target=’_blank’·rel=“noreferrer·noopener”>child</a>
2 2 │
Valid
Section titled ValidOptions
Section titled OptionsThe option allowDomains
allows specific domains to use target="_blank"
without rel="noreferrer"
.
In the following configuration, it’s allowed to use the domains https://example.com
and example.org
:
The diagnostic is applied to all domains not in the allow list:
code-block.jsx:3:6 lint/a11y/noBlankTarget FIXABLE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠ Avoid using target=“_blank” without rel=“noreferrer”.
1 │ <>
2 │ <a target=’_blank’ testme href=‘https://example.com’></a>
> 3 │ <a target=’_blank’ href=‘example.org’></a>
│ ^^^^^^^^^^^^^^^
4 │ </>
5 │
ℹ Opening external links in new tabs without rel=“noreferrer” is a security risk. See the explanation for more details.
ℹ Safe fix: Add the rel=“noreferrer” attribute.
3 │ ··<a·target=’_blank’·href=‘example.org’·rel=“noreferrer”></a>
│ +++++++++++++++++
Biome doesn’t check if the list contains valid URLs.