Don't touch my tabs! (rel=noopener) di Jeroen Swen
Prevent tabs opened by a hyperlink from hijacking the previous tab by adding the rel=noopener attribute to all hyperlinks (excluding same-domain hyperlinks).
Metadati estensione
Hi!
Did you know that whenever you click on a hyperlink that opens a page in a new tab, the new page is able to control what page is loaded in the previous tab?
"Why is this bad for me?"
Advertisers are using this trick to harass everyone these days, and worse, hackers can replace the previous tab with a fake login page of the service you're navigating away from when you follow a hyperlink to an evil web page.
"That's not good! What now?"
The World Wide Web Consortium (W3C) decided that something needed to be created to stop this from happening, and the "rel=noopener" attribute was born.
This attribute can be added to any hyperlink to prevent the new window from accessing the previous window object.
"Sweet!"
Well here's the catch: Because they didn't want to 'break the internet' this became an optional attribute that web developers and designers have to add to each single hyperlink in order to protect you. This means that trillions of Hyperlinks that do not give us this protection have to be fixed, manually, and let's be honest, this will not happen.
"Break the internet? But.. my security!"
Well they do have a point in some way, since some web applications make use of this function, it would break those web applications if they would just change the way hyperlinks work.
"So what now?"
I created a simple browser extension to solve this problem for you.
When you add this extension to your browser, all it will do is add the "rel=noopener" attribute to any hyperlink that opens a page in a new tab or window.
"But won't this 'break my internet'?"
Nope! Because when a hyperlink points to a web page hosted on the same domain name as the one you're on, it will NOT add the rel=noopener attribute. Neat huh?
"Does it do anything else?"
No, that's all! :]
I just want to share this with the rest of the internet.
"Can you give me some technical details?"
Sure thing! Basically, this add-on:
1. Searches for any hyperlink that points to a page that is not hosted on the same domain as the viewed page and checks if it has the target="_blank" attribute.
2A. If the found Hyperlink has no rel= attribute, it adds rel=noopener to the hyperlink.
2B. If the found Hyperlink already has a rel= attribute the noopener value is added if it does not exist, leaving all other values intact.
"When I press 'Add to Firefox' it says "Access your data for all websites", that's scary!"
Kudos for being alert!
This add-on needs to make changes to the underlying HTML-code of every web-page you visit to add the "rel=noopener" attribute.
That's all it is, it's not eaves-dropping or anything like that.
I invite you to view the source code of this add-on to put your mind at ease.
"Where can I find the source code?"
I used to host it on GitHub, but wasn't keeping it up-to-date. I therefore disabled the repository until I have a proper one.
However, for now, you can use a neat little trick, just right-click the "Add to Firefox" button and save the file offered to you.
Noticed that it's extension is ".xpi"? Suprise, it's actually a ZIP-file, so just rename it to ".zip" and open it. Poof! Magic!
Did you know that whenever you click on a hyperlink that opens a page in a new tab, the new page is able to control what page is loaded in the previous tab?
"Why is this bad for me?"
Advertisers are using this trick to harass everyone these days, and worse, hackers can replace the previous tab with a fake login page of the service you're navigating away from when you follow a hyperlink to an evil web page.
"That's not good! What now?"
The World Wide Web Consortium (W3C) decided that something needed to be created to stop this from happening, and the "rel=noopener" attribute was born.
This attribute can be added to any hyperlink to prevent the new window from accessing the previous window object.
"Sweet!"
Well here's the catch: Because they didn't want to 'break the internet' this became an optional attribute that web developers and designers have to add to each single hyperlink in order to protect you. This means that trillions of Hyperlinks that do not give us this protection have to be fixed, manually, and let's be honest, this will not happen.
"Break the internet? But.. my security!"
Well they do have a point in some way, since some web applications make use of this function, it would break those web applications if they would just change the way hyperlinks work.
"So what now?"
I created a simple browser extension to solve this problem for you.
When you add this extension to your browser, all it will do is add the "rel=noopener" attribute to any hyperlink that opens a page in a new tab or window.
"But won't this 'break my internet'?"
Nope! Because when a hyperlink points to a web page hosted on the same domain name as the one you're on, it will NOT add the rel=noopener attribute. Neat huh?
"Does it do anything else?"
No, that's all! :]
I just want to share this with the rest of the internet.
"Can you give me some technical details?"
Sure thing! Basically, this add-on:
1. Searches for any hyperlink that points to a page that is not hosted on the same domain as the viewed page and checks if it has the target="_blank" attribute.
2A. If the found Hyperlink has no rel= attribute, it adds rel=noopener to the hyperlink.
2B. If the found Hyperlink already has a rel= attribute the noopener value is added if it does not exist, leaving all other values intact.
"When I press 'Add to Firefox' it says "Access your data for all websites", that's scary!"
Kudos for being alert!
This add-on needs to make changes to the underlying HTML-code of every web-page you visit to add the "rel=noopener" attribute.
That's all it is, it's not eaves-dropping or anything like that.
I invite you to view the source code of this add-on to put your mind at ease.
"Where can I find the source code?"
I used to host it on GitHub, but wasn't keeping it up-to-date. I therefore disabled the repository until I have a proper one.
However, for now, you can use a neat little trick, just right-click the "Add to Firefox" button and save the file offered to you.
Noticed that it's extension is ".xpi"? Suprise, it's actually a ZIP-file, so just rename it to ".zip" and open it. Poof! Magic!
Segnala questo componente aggiuntivo per abuso
Se ritieni che questo componente aggiuntivo violi le politiche Mozilla sui componenti aggiuntivi o presenti dei possibili rischi di sicurezza o privacy, utilizza il seguente modulo per segnalarlo.
Attenzione: non utilizzare questo modulo per segnalare bug o richiedere nuove funzionalità; la segnalazione verrà inoltrata direttamente a Mozilla e non all’autore del componente aggiuntivo.
Sostieni il mantenimento e l’aggiornamento di questa estensione con una piccola donazione allo sviluppatore.
Questo componente aggiuntivo necessita di:
- Accedere ai dati di tutti i siti web
- Versione
- 2.2.0
- Dimensione
- 10,72 kB
- Ultimo aggiornamento
- un anno fa (22 mar 2020)
- Licenza
- Licenza MIT/X11
- Cronologia versioni
'Don't touch my tabs!' now also protects you on pages that are loaded within frames!
Technical details:
In 'manifest.json', "all_frames=true" was added to 'content_scripts'.
Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts
Technical details:
In 'manifest.json', "all_frames=true" was added to 'content_scripts'.
Also see: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_scripts
Non ci sono ancora valutazioni- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni
- Non ci sono ancora valutazioni