External hyperlinks in task descriptions should use rel=noreferrer
for security and privacy
#5457
Open
4 tasks done
Labels
Checklist
Actual behaviour
Hyperlinks generated from Markdown hyperlinks or bare URLs in task descriptions do not have any attributes/tags associated with them. The problem is, this will open in the same tab and pass on the source/referrer information to the destination website, which is certainly not something you'd want from a private/personal kanban board.
Expected behaviour
In task details pages, and task description hover tooltips inside a board view (or anywhere else where a task description may be shown), hyperlinks to external websites should have:
rel=noreferrer
attribute (see this MDN information page; apparently this implicitly includesnoopener
too)target=_blank
too so that it opens in a new tab, instead of replacing the kanboard task pagetitle=the_URL
attribute to display the URL as a direct tooltip on hover when a "pretty" (non-bare) hyperlink is used, though that's probably less necessary as the browser can also reveal the URL through the statusbarSteps to reproduce
Write a hyperlink into the description of a task, such as this for example:
...then inspect the resulting HTML code with the browser's web inspector (
F12
).Configuration
The text was updated successfully, but these errors were encountered: