mosaxiv/cakephp-secure-target-blank

Adds noopener and noreferrer to target _blank in Html Helper.

1.0.2 2017-12-21 14:29 UTC

This package is auto-updated.

Last update: 2024-04-15 04:48:50 UTC


README

MIT License

If you use the target="_blank" attribute on a link, you are leaving your users open to a very simple phishing attack. Adding rel="noopener noreferrer" on those links will prevent this vulnerability. Further reading.

Requirements

  • PHP 7.0+
  • CakePHP 3.0.0+

Installation

You can install this plugin into your CakePHP application using composer.

The recommended way to install composer packages is:

composer require mosaxiv/cakephp-secure-target-blank

Usage

AppView Setup

Load the helper:

// src/View/AppView.php

namespace App\View;

use Cake\View\View;
use SecureTargetBlank\View\Helper\HtmlHelper;

class AppView extends View
{
    public function initialize()
    {
        $this->loadHelper('Html', [
            'className' => HtmlHelper::class
        ]);
    }
}

Helper Usage

When you call Html->link() with ['target' => '_blank'], rel="noopener noreferrer" is added automatically.

Basic

Html Helper:

$this->Html->link('test', 'http://example.com', ['target' => '_blank']);

will render this HTML:

<a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>

secureBlank Option

Html Helper:

$this->Html->link('test_title', ['controller' => 'test'], ['target' => '_blank', 'secureBlank' => false]);

will render this HTML:

<a href="/test/index" target="_blank">test_title</a>
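
Auditing rendered output

The following check is an added example, not part of the plugin. It parses rendered HTML with PHP's DOM extension and reports target="_blank" links whose rel has neither noopener nor noreferrer, which includes links rendered with 'secureBlank' => false. The function name findUnsafeBlankLinks and the sample markup are assumptions constructed for illustration.

```php
<?php
// Added example: audit rendered HTML for target="_blank" links without rel="noopener".
// findUnsafeBlankLinks() is a hypothetical helper, not an API of the plugin or CakePHP.

/**
 * Return the href of every <a target="_blank"> whose rel lacks "noopener".
 * "noreferrer" implies noopener in browsers, so either token is accepted.
 */
function findUnsafeBlankLinks(string $html): array
{
    $doc = new DOMDocument();
    // Collect libxml warnings internally so imperfect markup does not emit notices.
    $previous = libxml_use_internal_errors(true);
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $unsafe = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        // The _blank keyword is matched case-insensitively by browsers.
        if (strtolower(trim($a->getAttribute('target'))) !== '_blank') {
            continue;
        }
        // rel is a space-separated, case-insensitive token list.
        $tokens = preg_split('/\s+/', strtolower($a->getAttribute('rel')), -1, PREG_SPLIT_NO_EMPTY);
        if (!in_array('noopener', $tokens, true) && !in_array('noreferrer', $tokens, true)) {
            $unsafe[] = $a->getAttribute('href');
        }
    }
    return $unsafe;
}

// Constructed sample: the two outputs shown in this README plus edge cases
// (upper-case target, unrelated rel token, same-tab link, mixed-case rel).
$rendered = <<<HTML
<a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>
<a href="/test/index" target="_blank">test_title</a>
<a href="/docs" target="_BLANK" rel="nofollow">docs</a>
<a href="/same-tab">same tab</a>
<a href="http://example.org" target="_blank" rel="NoReferrer">ref</a>
HTML;

foreach (findUnsafeBlankLinks($rendered) as $href) {
    echo "target=_blank without noopener/noreferrer: $href\n";
}
```

Running this over rendered views in a test suite makes each 'secureBlank' => false opt-out visible for review.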