In your earlier post you've said that noreferrer hides the noopener and the referrer info, here look, its your words:
Please read my reply carefully. I was explaining that noreferrer does the same thing as noopener, but also hides the referrer. Usage of noopener it self does not hide the referrer. We have already added a parameter to disable usage of noreferrer within Parameters > Display of your web address fields.
fb is using it carefully, why not here?:
Facebook has them for me because I am using Chrome, which has security patched the issue and made noopener the default behavior. Your browser has not. This means not all the URLs for you will have noopener until Facebook finishes updating it from their end or your browser security patches it. If you're using Chrome and noopener is still missing then be sure to update your browser. Twitter has already begun rolling out this change internally and you'll see noopener in FireFox and IE. Expect more and more sites to be adding it. Waiting for browsers to fix this vulnerability is not an option as not everyone even bothers to update their browser.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
I wholeheartedly agreed that forcing noreferrer may not fit every usecase. I also explained why noopener was added, that it had no negative downsides, and that it won't be removed. I however was fine adding a parameter to disable noreferrer.
That parameter was added as part of the below ticket, which is available under Parameters > Display of your web address fields in the latest build of CB.
If you've an issue with noopener then start a new topic citing your exact reasons as to why you want it removed and if you feel it poses a negative impact on your site then please cite your sources. We have found no negative impact as a result of using noopener (it's entirely beneficial to your site) and no usecase for it to be removed for user supplied web address field URLs.
This topic is closed and am locking it from further discussion as it's doing nothing but creating further negativity.
Kyle (Krileon) Community Builder Team Member Before posting on forums:
Read FAQ thoroughly
+
Read our Documentation
+
Search the forums CB links:
Documentation
-
Localization
-
CB Quickstart
-
CB Paid Subscriptions
-
Add-Ons
-
Forge
-- If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
-- If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please
send me a private message
with your thread and will reply when possible!
-- Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
-- My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
krileon
