lib/rubocop/cop/rails/link_to_blank.rb in rubocop-0.68.1 vs lib/rubocop/cop/rails/link_to_blank.rb in rubocop-0.69.0
@@ -6,18 +6,24 @@
# This cop checks for calls to `link_to` that contain a
# `target: '_blank'` but no `rel: 'noopener'`. This can be a security
# risk as the loaded page will have control over the previous page
# and could change its location for phishing purposes.
#
+ # The option `rel: 'noreferrer'` also blocks this behavior
+ # and removes the http-referrer header.
+ #
# @example
# # bad
# link_to 'Click here', url, target: '_blank'
#
# # good
# link_to 'Click here', url, target: '_blank', rel: 'noopener'
+ #
+ # # good
+ # link_to 'Click here', url, target: '_blank', rel: 'noreferrer'
class LinkToBlank < Cop
- MSG = 'Specify a `:rel` option containing noopener.'.freeze
+ MSG = 'Specify a `:rel` option containing noopener.'
def_node_matcher :blank_target?, <<-PATTERN
(pair {(sym :target) (str "target")} {(str "_blank") (sym :_blank)})
PATTERN
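Review bot: The offense message on the `+ MSG` line still reads "containing noopener" even though the cop now also accepts `rel: 'noreferrer'` (second hunk, `contains_noopener?`), so a user who follows the message literally never learns that noreferrer is an accepted alternative; the string could read ‘Specify a `:rel` option containing noopener or noreferrer.’ to match the new `# good` example above it. The predicate name `contains_noopener?` in the second hunk has the same drift and could become something like `contains_safe_rel?` so the code agrees with the documentation. The doc comment might also state that the check is an exact, case-sensitive token match on the `rel` value — HTML compares rel keywords ASCII-case-insensitively, so a literal like `'NoOpener'` would presumably still be flagged; worth confirming against the matcher that feeds `value`, which lies outside this hunk.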
@@ -81,10 +87,11 @@
end
def contains_noopener?(value)
return false unless value
- value.to_s.split(' ').include?('noopener')
+ rel_array = value.to_s.split(' ')
+ rel_array.include?('noopener') || rel_array.include?('noreferrer')
end
end
end
end
end
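Review bot: The two `include?` calls on `rel_array` hard-code the accepted tokens inline; a frozen class-level constant keeps the list in one place and makes a future addition a one-line change, e.g. `SAFE_REL_VALUES = %w[noopener noreferrer].freeze` next to `MSG` and `(value.to_s.split(' ') & SAFE_REL_VALUES).any?` as the method's last line. `split(' ')` already collapses runs of whitespace, so the token split itself is fine as written. The trailing `end` lines close `contains_noopener?`, the class and the enclosing modules, whose headers lie outside this hunk.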