Restrict blackshield protection in modern WebKit-based browsers and Firefox

최근 브라우저들은 target="_blank" 사용시 자동으로 rel="noopener" 선언한 것으로 취급하므로 별도로 처리해 줄 필요가 없으며, blankshield 라이브러리 사용시 오히려 문제가 발생하는 경우가 많음. (예: iOS 웹뷰)
2026-01-03 16:51:40 +09:00 · 2022-07-31 21:38:10 +09:00 · 2022-07-31 21:38:10 +09:00 · 4cbe598a50
commit 4cbe598a50
parent 1e27bae404
1 changed files with 51 additions and 34 deletions
--- a/common/js/common.js
+++ b/common/js/common.js
@ -316,45 +316,62 @@ jQuery(function($) {
 		$(this).parents("form[method]").filter(function() { return String($(this).attr("method")).toUpperCase() == "POST"; }).addCSRFTokenToForm();
 	});
 	
-	/* Tabnapping protection, step 1 */
-	$('a[target]').each(function() {
-		var $this = $(this);
-		var href = String($this.attr('href')).trim();
-		var target = String($this.attr('target')).trim();
-		if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
-			return;
+	/**
+	 * Reverse tabnapping protection
+	 * 
+	 * Automatically add rel="noopener" to any external link with target="_blank"
+	 * This is not required in most modern browsers.
+	 * https://caniuse.com/mdn-html_elements_a_implicit_noopener
+	 */
+	var noopenerRequired = (function() {
+		var isChromeBased = navigator.userAgent.match(/Chrome\/([0-9]+)/);
+		if (isChromeBased && parseInt(isChromeBased[1], 10) >= 72) {
+			return false;
 		}
-		if (!window.XE.isSameHost(href)) {
-			var rel = $this.attr('rel');
-			rel = (typeof rel === 'undefined') ? '' : String(rel);
-			if (!rel.match(/\bnoopener\b/)) {
-				$this.attr('rel', $.trim(rel + ' noopener'));
-			}
+		var isAppleWebKit = navigator.userAgent.match(/AppleWebKit\/([0-9]+)/);
+		if (isAppleWebKit && parseInt(isAppleWebKit[1], 10) >= 605) {
+			return false;
 		}
-	});
-
-	/* Tabnapping protection, step 2 */
-	$('body').on('click', 'a[target]', function(event) {
-		var $this = $(this);
-		var href = String($this.attr('href')).trim();
-		var target = String($this.attr('target')).trim();
-		if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
-			return;
+		var isFirefox = navigator.userAgent.match(/Firefox\/([0-9]+)/);
+		if (isFirefox && parseInt(isFirefox[1], 10) >= 79) {
+			return false;
 		}
-		if (!window.XE.isSameHost(href)) {
-			var rel = $this.attr('rel');
-			rel = (typeof rel === 'undefined') ? '' : String(rel);
-			if (!rel.match(/\bnoopener\b/)) {
-				$this.attr('rel', $.trim(rel + ' noopener'));
-			}
-			var isChrome = navigator.userAgent.match(/Chrome\/([0-9]+)/);
-			if (isChrome && parseInt(isChrome[1], 10) >= 72) {
+		return true;
+	})();
+	if (noopenerRequired) {
+		$('a[target]').each(function() {
+			var $this = $(this);
+			var href = String($this.attr('href')).trim();
+			var target = String($this.attr('target')).trim();
+			if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
 				return;
 			}
-			event.preventDefault();
-			blankshield.open(href);
-		}
-	});
+			if (!window.XE.isSameHost(href)) {
+				var rel = $this.attr('rel');
+				rel = (typeof rel === 'undefined') ? '' : String(rel);
+				if (!rel.match(/\bnoopener\b/)) {
+					$this.attr('rel', $.trim(rel + ' noopener'));
+				}
+			}
+		});
+		$('body').on('click', 'a[target]', function(event) {
+			var $this = $(this);
+			var href = String($this.attr('href')).trim();
+			var target = String($this.attr('target')).trim();
+			if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
+				return;
+			}
+			if (!window.XE.isSameHost(href)) {
+				var rel = $this.attr('rel');
+				rel = (typeof rel === 'undefined') ? '' : String(rel);
+				if (!rel.match(/\bnoopener\b/)) {
+					$this.attr('rel', $.trim(rel + ' noopener'));
+				}
+				event.preventDefault();
+				blankshield.open(href);
+			}
+		});
+	}
 	
 	/* Editor preview replacement */
 	$(".editable_preview").addClass("rhymix_content xe_content").attr("tabindex", 0);