Restrict blackshield protection in modern WebKit-based browsers and Firefox

최근 브라우저들은 target="_blank" 사용시 자동으로 rel="noopener" 선언한 것으로 취급하므로 별도로 처리해 줄 필요가 없으며, blankshield 라이브러리 사용시 오히려 문제가 발생하는 경우가 많음. (예: iOS 웹뷰)
2026-05-12 05:22:35 +09:00 · 2022-07-31 21:38:10 +09:00 · 2022-07-31 21:38:10 +09:00 · 4cbe598a50
commit 4cbe598a50
parent 1e27bae404
1 changed files with 51 additions and 34 deletions
--- a/common/js/common.js
+++ b/common/js/common.js
@ -316,45 +316,62 @@ jQuery(function($) {
 		$(this).parents("form[method]").filter(function() { return String($(this).attr("method")).toUpperCase() == "POST"; }).addCSRFTokenToForm();
 	});
-	/* Tabnapping protection, step 1 */
+	/**
-	$('a[target]').each(function() {
+	 * Reverse tabnapping protection
-		var $this = $(this);
+	 * 
-		var href = String($this.attr('href')).trim();
+	 * Automatically add rel="noopener" to any external link with target="_blank"
-		var target = String($this.attr('target')).trim();
+	 * This is not required in most modern browsers.
-		if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
+	 * https://caniuse.com/mdn-html_elements_a_implicit_noopener
-			return;
+	 */
 	var noopenerRequired = (function() {
 		var isChromeBased = navigator.userAgent.match(/Chrome\/([0-9]+)/);
 		if (isChromeBased && parseInt(isChromeBased[1], 10) >= 72) {
 			return false;
 		}
-		if (!window.XE.isSameHost(href)) {
+		var isAppleWebKit = navigator.userAgent.match(/AppleWebKit\/([0-9]+)/);
-			var rel = $this.attr('rel');
+		if (isAppleWebKit && parseInt(isAppleWebKit[1], 10) >= 605) {
-			rel = (typeof rel === 'undefined') ? '' : String(rel);
+			return false;
 			if (!rel.match(/\bnoopener\b/)) {
 				$this.attr('rel', $.trim(rel + ' noopener'));
 			}
 		}
-	});
+		var isFirefox = navigator.userAgent.match(/Firefox\/([0-9]+)/);
-
+		if (isFirefox && parseInt(isFirefox[1], 10) >= 79) {
-	/* Tabnapping protection, step 2 */
+			return false;
 	$('body').on('click', 'a[target]', function(event) {
 		var $this = $(this);
 		var href = String($this.attr('href')).trim();
 		var target = String($this.attr('target')).trim();
 		if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
 			return;
 		}
-		if (!window.XE.isSameHost(href)) {
+		return true;
-			var rel = $this.attr('rel');
+	})();
-			rel = (typeof rel === 'undefined') ? '' : String(rel);
+	if (noopenerRequired) {
-			if (!rel.match(/\bnoopener\b/)) {
+		$('a[target]').each(function() {
-				$this.attr('rel', $.trim(rel + ' noopener'));
+			var $this = $(this);
-			}
+			var href = String($this.attr('href')).trim();
-			var isChrome = navigator.userAgent.match(/Chrome\/([0-9]+)/);
+			var target = String($this.attr('target')).trim();
-			if (isChrome && parseInt(isChrome[1], 10) >= 72) {
+			if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
 				return;
 			}
-			event.preventDefault();
+			if (!window.XE.isSameHost(href)) {
-			blankshield.open(href);
+				var rel = $this.attr('rel');
-		}
+				rel = (typeof rel === 'undefined') ? '' : String(rel);
-	});
+				if (!rel.match(/\bnoopener\b/)) {
 					$this.attr('rel', $.trim(rel + ' noopener'));
 				}
 			}
 		});
 		$('body').on('click', 'a[target]', function(event) {
 			var $this = $(this);
 			var href = String($this.attr('href')).trim();
 			var target = String($this.attr('target')).trim();
 			if (!href || !target || target === '_top' || target === '_self' || target === '_parent') {
 				return;
 			}
 			if (!window.XE.isSameHost(href)) {
 				var rel = $this.attr('rel');
 				rel = (typeof rel === 'undefined') ? '' : String(rel);
 				if (!rel.match(/\bnoopener\b/)) {
 					$this.attr('rel', $.trim(rel + ' noopener'));
 				}
 				event.preventDefault();
 				blankshield.open(href);
 			}
 		});
 	}
 	/* Editor preview replacement */
 	$(".editable_preview").addClass("rhymix_content xe_content").attr("tabindex", 0);