Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL watcher notification improvements #10791

Open
afercia opened this issue Aug 27, 2018 · 6 comments
Open

URL watcher notification improvements #10791

afercia opened this issue Aug 27, 2018 · 6 comments
Labels
featurerequest good first issue

Comments

@afercia
Copy link
Contributor

afercia commented Aug 27, 2018

After recent changes to the URL watcher notification, see #10089, there's room for a couple improvements:

See

wordpress-seo/admin/watchers/class-slug-change-watcher.php

Lines 218 to 220 in 6de0ff3

. ' ' . __( 'With Yoast SEO Premium, you can easily create such redirects.', 'wordpress-seo' )
. '</p>'
. '<p><a class="button-primary" href="' . WPSEO_Shortlinker::get( 'https://yoa.st/1d0' ) . '" target="_blank">' . __( 'Get Yoast SEO Premium', 'wordpress-seo' ) . '</a></p>';

  • Yoast SEO Premium shouldn't be translatable (2 occurrences)
  • the link with target="_blank" should at least inform users it's going to open a new browser's tab
  • to evaluate: should the link also use a rel="noopener noreferrer" or maybe just rel="noopener"?
@jonoalderson
Copy link

As a universal rule, links which resolve to yoast.com properties should not use noopener or noreferrer.

@afercia
Copy link
Contributor Author

afercia commented Aug 27, 2018

Re: Yoast SEO Premium, seems there's one more occurrence where it's translatable, in admin/class-help-center.php:

'linkText' => __( 'Get Yoast SEO Premium now »', 'wordpress-seo' )

As far as I see, all the other occurrences are OK.

@afercia
Copy link
Contributor Author

afercia commented Aug 27, 2018
edited
Loading

@jono-alderson thanks. Does noopener affects tracking or statistics in any way? Asking because there's a serious security reason to use noopener (exploitation of the window.opener API.), while 'noreferrer' is used for old browsers (they have many other security issues, so maybe it's a bit pointless). If noopener doesn't create issues, I'd strongly recommend to use it.

@jonoalderson
Copy link

Yup, it nukes tracking. But we're linking to a trusted source (yoast.com).

@afercia afercia mentioned this issue Sep 5, 2018
Open
@afercia
Copy link
Contributor Author

afercia commented Sep 10, 2018

Note: worth noting Gutenberg adds rel="noopener noreferrer" by default to all the links with a target="_blank" attribute, to match what TinyMCE does by default.

@afercia
Copy link
Contributor Author

afercia commented Sep 28, 2018

It was decided the new pattern to use is:

  • use noopener for all the non-yoast.com external links
  • omit it for the yoast.com links (including shortened links)

noreferrer is redundant, especially after https://core.trac.wordpress.org/changeset/41741
https://core.trac.wordpress.org/ticket/42036

@Djennez Djennez removed the backlog label Dec 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
featurerequest good first issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@afercia @jonoalderson @benvaassen @IreneStr @Djennez