%20--%3e%3c!DOCTYPE%20svg%20PUBLIC%20'-//W3C//DTD%20SVG%201.1//EN'%20'http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd'%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20viewBox='0%200%20294.825%20258.982'%20xml:space='preserve'%3e%3cg%3e%3cpath%20fill='%2340b3ff'%20d='M273.336,124.488L215.469,23.816c-2.102-3.64-5.985-6.325-10.188-6.325H89.545%20c-4.204,0-8.088,2.685-10.19,6.325l-57.867,100.45c-2.102,3.641-2.102,8.236,0,11.877l57.867,99.847%20c2.102,3.64,5.986,5.501,10.19,5.501h115.735c4.203,0,8.087-1.805,10.188-5.446l57.867-100.01%20C275.439,132.396,275.439,128.128,273.336,124.488%20M225.419,172.898c0,1.48-0.891,2.849-2.174,3.59l-73.71,42.527%20c-1.282,0.74-2.888,0.74-4.17,0l-73.767-42.527c-1.282-0.741-2.179-2.109-2.179-3.59V87.843c0-1.481,0.884-2.849,2.167-3.59%20l73.707-42.527c1.282-0.741,2.886-0.741,4.168,0l73.772,42.527c1.283,0.741,2.186,2.109,2.186,3.59V172.898z'/%3e%3cg%20transform='translate(60,%2028)%20scale(1.6)'%3e%3cpath%20stroke='%23ff3e00'%20fill='%23ff3e00'%20stroke-width='50'%20d='M65,34%20L37,52%20A1%201%200%200%200%2044%2060%20L70.5,44.5%20A1%201%200%200%200%2065,34Z%20M64,67%20L36,85%20A1%201%200%200%200%2042%2094%20L68,77.5%20A1%201%200%200%200%2064,67Z'%20/%3e%3cpath%20stroke='%23ff3e00'%20fill='%23fff'%20stroke-width='1.5'%20d='M45.41,108.86A21.81,21.81,0,0,1,22,100.18,20.2,20.2,0,0,1,18.53,84.9a19,19,0,0,1,.65-2.57l.52-1.58,1.41,1a35.32,35.32,0,0,0,10.75,5.37l1,.31-.1,1a6.2,6.2,0,0,0,1.11,4.08A6.57,6.57,0,0,0,41,95.19a6,6,0,0,0,1.68-.74L70.11,76.94a5.76,5.76,0,0,0,2.59-3.83,6.09,6.09,0,0,0-1-4.6,6.58,6.58,0,0,0-7.06-2.62,6.21,6.21,0,0,0-1.69.74L52.43,73.31a19.88,19.88,0,0,1-5.58,2.45,21.82,21.82,0,0,1-23.43-8.68A20.2,20.2,0,0,1,20,51.8a19,19,0,0,1,8.56-12.7L56,21.59a19.88,19.88,0,0,1,5.58-2.45A21.81,21.81,0,0,1,85,27.82,20.2,20.2,0,0,1,88.47,43.1a19,19,0,0,1-.65,2.57l-.52,1.58-1.41-1a35.32,35.32,0,0,0-10.75-5.37l-1-.31.1-1a6.2,6.2,0,0,0-1.11-4.08,6.57,6.57,0,0,0-7.06-2.62,6,6,0,0,0-1.68.74L36.89,51.06a5.71,5.71,0,0,0-2.58,3.83,6,6,0,0,0,1,4.6,6.58,6.58,0,0,0,7.06,2.62,6.21,6.21,0,0,0,1.69-.74l10.48-6.68a19.88,19.88,0,0,1,5.58-2.45,21.82,21.82,0,0,1,23.43,8.68A20.2,20.2,0,0,1,87,76.2a19,19,0,0,1-8.56,12.7L51,106.41a19.88,19.88,0,0,1-5.58,2.45'%20/%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
# svelte/no-target-blank
disallow
target="_blank"attribute withoutrel="noopener noreferrer"
# 📖 Rule Details
This rule disallows using target="_blank" attribute without rel="noopener noreferrer" to avoid a security vulnerability in legacy browsers where a page can trigger a navigation in the opener regardless of origin (see here for more details).
<script>
/* eslint svelte/no-target-blank: "error" */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" Using target="_blank" without rel="noopener noreferrer" is a security risk. (svelte/no-target-blank)target="_blank">link</a># 🔧 Options
{
"svelte/no-target-blank": [
"error",
{
"allowReferrer": true,
"enforceDynamicLinks": "always"
}
]
}allowReferrer… Iftrue, allows theReferrerheader to be sent by not requiringnoreferrerto be present. defaultfalseenforceDynamicLinks ("always" | "never")… Ifalways, enforces the rule if the href is a dynamic link. defaultalways
# { allowReferrer: false } (default)
<script>
/* eslint svelte/no-target-blank: ['error', { allowReferrer: false }] */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" Using target="_blank" without rel="noopener noreferrer" is a security risk. (svelte/no-target-blank)target="_blank" rel="noopener">link</a># { allowReferrer: true }
<script>
/* eslint svelte/no-target-blank: ['error', { allowReferrer: true }] */
</script>
<!-- ✓ GOOD -->
<a href="http://example.com" target="_blank" rel="noopener">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" Using target="_blank" without rel="noopener noreferrer" is a security risk. (svelte/no-target-blank)target="_blank">link</a># { "enforceDynamicLinks": "always" } (default)
<script>
/* eslint svelte/no-target-blank: ['error', { enforceDynamicLinks: 'always' }] */
</script>
<!-- ✓ GOOD -->
<a href={link} target="_blank" rel="noopener noreferrer">link</a>
<!-- ✗ BAD -->
<a href={link} Using target="_blank" without rel="noopener noreferrer" is a security risk. (svelte/no-target-blank)target="_blank">link</a># { "enforceDynamicLinks": "never" }
<script>
/* eslint svelte/no-target-blank: ['error', { enforceDynamicLinks: 'never' }] */
</script>
<!-- ✓ GOOD -->
<a href={link} target="_blank">link</a>
<!-- ✗ BAD -->
<a href="http://example.com" Using target="_blank" without rel="noopener noreferrer" is a security risk. (svelte/no-target-blank)target="_blank">link</a># 🚀 Version
This rule was introduced in eslint-plugin-svelte v0.0.4