Project author: mosaxiv

Project description:
CakePHP3: Adds noopener and noreferrer to target _blank in Html Helper.
Language: PHP
Project URL: git://github.com/mosaxiv/cakephp-secure-target-blank.git
Created: 2017-12-13T17:34:04Z
Project community: https://github.com/mosaxiv/cakephp-secure-target-blank

License: MIT License


SecureTargetBlank plugin for CakePHP


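If you use the target="_blank" attribute on a link, the page that opens receives a reference to your page through window.opener and can redirect the original tab, which leaves your users open to a very simple phishing attack. Adding rel="noopener noreferrer" to those links prevents this vulnerability.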
Further reading.

Requirements

  • PHP 7.0+
  • CakePHP 3.0.0+

Installation

You can install this plugin into your CakePHP application using composer.

The recommended way to install composer packages is:

    composer require mosaxiv/cakephp-secure-target-blank

Usage

AppView Setup

Load the helper:

    <?php
    // src/View/AppView.php
    namespace App\View;

    use Cake\View\View;
    use SecureTargetBlank\View\Helper\HtmlHelper;

    class AppView extends View
    {
        public function initialize()
        {
            // Load the plugin's HtmlHelper under the usual 'Html' alias,
            // so existing $this->Html->link() calls go through it.
            $this->loadHelper('Html', [
                'className' => HtmlHelper::class
            ]);
        }
    }

Helper Usage

When you call Html->link() with ['target' => '_blank'], rel="noopener noreferrer" is added automatically.

Basic

Html Helper:

    $this->Html->link('test', 'http://example.com', ['target' => '_blank']);

will render this HTML:

    <a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>

secureBlank Option

Html Helper:

    $this->Html->link('test_title', ['controller' => 'test'], ['target' => '_blank', 'secureBlank' => false]);

will render this HTML:

    <a href="/test/index" target="_blank">test_title</a>
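
Links written as raw <a> tags in templates, or rendered with 'secureBlank' => false, still go out without the rel attribute, so it is worth auditing the rendered HTML. The following is an added example, not part of the plugin: the function name findUnsafeBlankLinks and the sample markup are constructed for illustration, and it assumes PHP's DOM extension is available.

```php
<?php
// Added example (not plugin code): list <a target="_blank"> links in rendered
// HTML whose rel attribute lacks either of the two tokens the plugin adds.

/**
 * @param string $html Rendered HTML (fragment or full page).
 * @return array[] One entry per flagged link: its href and the missing rel tokens.
 */
function findUnsafeBlankLinks(string $html): array
{
    $doc = new DOMDocument();
    // Rendered templates are rarely strict markup; keep parser warnings quiet.
    $previous = libxml_use_internal_errors(true);
    // The XML declaration prefix makes libxml read the input as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $findings = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        // The _blank keyword is matched case-insensitively by browsers.
        if (strtolower(trim($a->getAttribute('target'))) !== '_blank') {
            continue;
        }
        // rel is a whitespace-separated, case-insensitive token list.
        $rel = preg_split('/\s+/', strtolower($a->getAttribute('rel')), -1, PREG_SPLIT_NO_EMPTY);
        $missing = array_values(array_diff(['noopener', 'noreferrer'], $rel));
        if ($missing !== []) {
            $findings[] = ['href' => $a->getAttribute('href'), 'missing' => $missing];
        }
    }
    return $findings;
}

// Constructed sample: the two outputs shown above plus two edge cases.
$sample = <<<'HTML'
<a href="http://example.com" target="_blank" rel="noopener noreferrer">test</a>
<a href="/test/index" target="_blank">test_title</a>
<a href="http://example.com/a" target="_BLANK" rel="nofollow noopener">partial</a>
<a href="/same-tab">no target</a>
HTML;

foreach (findUnsafeBlankLinks($sample) as $f) {
    printf("%s is missing rel=\"%s\"\n", $f['href'], implode(' ', $f['missing']));
}
```

On the sample it flags /test/index (both tokens missing) and http://example.com/a (noreferrer missing) and passes the other two links.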