# SafeTargetBlank
[![Gem Version](https://badge.fury.io/rb/safe_target_blank.svg)](http://badge.fury.io/rb/safe_target_blank)
[![Build](https://travis-ci.org/jvenezia/safe_target_blank.svg?branch=master)](https://travis-ci.org/jvenezia/safe_target_blank)
[![Coverage Status](https://coveralls.io/repos/github/jvenezia/safe_target_blank/badge.svg?branch=master)](https://coveralls.io/github/jvenezia/safe_target_blank?branch=master)
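SafeTargetBlank secures your Rails application's use of the `link_to` helper.
If you use the `target="_blank"` attribute on a link, you are leaving your users open to a very simple phishing attack: the page opened in the new tab receives a reference to your page through `window.opener` and can navigate the original tab to another URL.
Adding `rel="noopener noreferrer"` on those links prevents this: `noopener` withholds the `window.opener` reference and `noreferrer` additionally suppresses the `Referer` header.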
Read more about this issue here:
- https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
- https://dev.to/ben/the-targetblank-vulnerability-by-example
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'safe_target_blank'
```
Now each time you use the `link_to` helper with `target="_blank"`, `rel="noopener noreferrer"` will be added.
```ruby
link_to 'Safe', 'safe.io', target: :_blank
#=> '<a href="safe.io" target="_blank" rel="noopener noreferrer">Safe</a>'
```
You can opt out with `opener` and `referrer` options.
```ruby
link_to 'Safe', 'safe.io', target: :_blank, referrer: true
#=> '<a href="safe.io" target="_blank" rel="noopener">Safe</a>'
```
Or disable it globally.
```ruby
SafeTargetBlank.opener = true
link_to 'Safe', 'safe.io', target: :_blank
#=> '<a href="safe.io" target="_blank" rel="noreferrer">Safe</a>'
```
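The merging behaviour described above, sketched as a plain Ruby function. This is an added example, not the gem's own code: `harden_link_options` and `REL_TOKENS` are hypothetical names, and the handling of an existing `rel` value and of mixed-case targets is an assumption about what a careful implementation should do.

```ruby
# Added illustration, not the gem's source. All names here are hypothetical.
REL_TOKENS = { opener: 'noopener', referrer: 'noreferrer' }.freeze

# Returns a copy of html_options (string keys) with protective rel tokens
# merged in when the link uses target="_blank".
# opener: true / referrer: true opt out of the matching token.
def harden_link_options(html_options, opener: false, referrer: false)
  opts = html_options.transform_keys(&:to_s)
  # Only links that open a new browsing context need the tokens.
  return opts unless opts['target'].to_s.strip.casecmp?('_blank')

  wanted = []
  wanted << REL_TOKENS[:opener] unless opener
  wanted << REL_TOKENS[:referrer] unless referrer

  # Keep rel values the caller already set (e.g. "nofollow"); avoid duplicates.
  existing = opts['rel'].to_s.split(/\s+/).reject(&:empty?)
  present  = existing.map(&:downcase)
  merged   = existing + wanted.reject { |token| present.include?(token) }

  opts['rel'] = merged.join(' ') unless merged.empty?
  opts
end

# Constructed sample inputs.
if __FILE__ == $PROGRAM_NAME
  p harden_link_options({ target: :_blank })
  p harden_link_options({ target: '_blank', rel: 'nofollow' }, referrer: true)
  p harden_link_options({ target: '_self' })
end
```

Hand-written `<a target="_blank">` tags in templates never pass through `link_to`, so they need the same `rel` value added manually.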
## Contributing
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
Bug reports and pull requests are welcome on GitHub at https://github.com/jvenezia/safe_target_blank. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
## License
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).