Does TW use rel="noopener noreferrer" on wikified external links?

114 views
Skip to first unread message

A Gloom

unread,
May 8, 2019, 5:04:51 PM5/8/19
to TiddlyWiki
TW documentation site advises on using rel="noopener noreferrer" on manually created external links (using html <a> tag)-- does TW use rel="noopener noreferrer" on wikified external links?.  I couldn't find anything showing it does though I would assume so (Wordpress does so for all external links).

TonyM

unread,
May 8, 2019, 8:48:26 PM5/8/19
to TiddlyWiki
A

Using the developer tools in Chrome/FireFox I used inspect to point to some links on TiddlyWiki.com generated from http://domain.com/folder external links and rel="noopener noreferrer" was used. So I expect the answer is yes. I would howver experiment to see if this is the same for [[name|http://domain.com/folder]] and <a href etc... I expect you may need to add this if using actual html in your wiki text.

Regards
Tony

A Gloom

unread,
May 8, 2019, 10:37:54 PM5/8/19
to tiddl...@googlegroups.com
Tony,

>>Using the developer tools in Chrome/FireFox I used inspect to point to some links on TiddlyWiki.com generated from http://domain.com/folder external links and

TY,  FF Dev Tools doesn't apply my browser's color theme so its hard for me to see it to use it.

>> I would howver experiment to see if this is the same for [[name|http://domain.com/folder]] and <a href etc... I expect you may need to add this if using actual html in >> your wiki text

I shall-- I already added rel="noopener noreferrer" to any html <a> links I have after seeing the advice concerning such a practice on the official TW site.

TonyM

unread,
May 9, 2019, 2:17:37 AM5/9/19
to TiddlyWiki
Aye

I can confirm [[name|http://domain.com/folder]] also results in rel="noopener noreferrer" being inserted 
however 
<a href="https://www.w3schools.com/html/">Visit our HTML tutorial</a>

 does not, but you can do it yourself.


Tony
Message has been deleted
Message has been deleted

A Gloom

unread,
May 9, 2019, 10:42:46 PM5/9/19
to TiddlyWiki
test -- replies keep gettin deleted

A Gloom

unread,
May 9, 2019, 10:45:53 PM5/9/19
to TiddlyWiki
tyvm for checking Tony

the html <a href> links I manually add "no-refere" to now after seeing the advisory about it on the official doc's site

A Gloom

unread,
May 10, 2019, 1:54:04 AM5/10/19
to TiddlyWiki
the link security is important to the wiki's I create for people, their content is usually in-house work, stuff not ready for public display so I try to keep their TW's from being linked back to if they use public URL links in their TW's.

This one example shown here is intitiatly misleading-- it looks like the buttons to import different content are not actually importing into the TW but creatig embed or iframe tiddlers to display content on local drive or online-- so potenially a lot of links.

tocimports.png


Jeremy Ruston

unread,
May 11, 2019, 11:05:03 AM5/11/19
to tiddl...@googlegroups.com
Hi A, Tony,

Just to confirm that TW5 does indeed add rel="noopener noreferrer” to links created with [ext[url]] and by typing an URL directly.

TW’s docs point to this blog post which explains why omitting this attribute can cause private information to be leaked:


Best wishes

Jeremy


On 10 May 2019, at 03:34, A Gloom <barro...@gmail.com> wrote:

I can confirm [[name|http://domain.com/folder]] also results in rel="noopener noreferrer" being inserted 
 
tyvm Tony for checking

>>
<a href="https://www.w3schools.com/html/">Visit our HTML tutorial</a>
>> does not, but you can do it yourself.

yep, my html <a> links get it manually added after I read the advisory here - https://tiddlywiki.com/#HTML%20Links%20in%20WikiText

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/66677ffe-9601-4a0b-878b-f4a9c8b39253%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

A Gloom

unread,
May 11, 2019, 8:49:01 PM5/11/19
to TiddlyWiki

Just to confirm that TW5 does indeed add rel="noopener noreferrer” to links created with [ext[url]] and by typing an URL directly.

ty for the confirmation

 
TW’s docs point to this blog post which explains why omitting this attribute can cause private information to be leaked:


Yep, that's what got me on this thread


I'm wondering if the privacy precaution should be posted on doc pages like "How to embed PDF and other documents"-- does the automatic no-referer appending work with url's in embed/object/iframe html tags that have a src attribute?



Reply all
Reply to author
Forward
0 new messages