Make external links use 'rel=noopener noreferrer'

[Blazeflack]

Just as the title status, I would like to suggest that Komga implements a 'noopener' and 'noreferrer' to external links. Alternatively that it be implemented as an option that can be configured in some way, be it through the control panel or via some obscure config file.

This is due to security and privacy concerns.

Thank you.

[gotson]

This is due to security and privacy concerns.

can you expand on that?

[Blazeflack]

Hi gotson,

Regarding security it is to prevent malicious activity in case a malicious link was added to a record in Komga, and then clicked on by a user. Without the 'rel=noopener' the target website can use the window.opener object to modify the origin webpage.

However, I have just realized that modern browsers automatically treat 'target=_blank' links as being 'rel=noopener', so the possible security issue by omitting the 'rel=noopener' is actually a non-issue. Source: https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/rel/noopener

Regarding the privacy concerns by omitting 'rel=noreferrer', this is about ones instance of Komga being part of analytics data collection. I would prefer that sites I visit through a Komga instance does not track where I came from.

I hope the above were the answers you were looking for. If not I will try to elaborate further. Regarding the noopener you can disregard that part of the request now, which is arguably the most important part.

Thank you :)