From 4b7d254560f844d372137bbcab9e08ab6e831084 Mon Sep 17 00:00:00 2001
From: Eric Liu
Date: Fri, 4 Sep 2020 17:05:47 -0700
Subject: [PATCH] feat(link): set rel to "noopener noreferrer" if target is "_blank"

Protects against cross-origin window.opener exploits when the target attribute is "_blank"
---
 src/Link/Link.svelte | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Link/Link.svelte b/src/Link/Link.svelte
index 3035fcc1..4f4c171a 100644
--- a/src/Link/Link.svelte
+++ b/src/Link/Link.svelte
@@ -38,6 +38,7 @@
 class:bx--link="{true}"
 class:bx--link--disabled="{disabled}"
 class:bx--link--inline="{inline}"
+ rel="{$$restProps.target === '_blank' ? 'noopener noreferrer' : undefined}"
 {...$$restProps}
 on:click
 on:mouseover
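Review bot: A caller-supplied `rel` replaces the protective value wholesale, because the added `rel` attribute sits before `{...$$restProps}` and the spread wins; a link with `target="_blank"` and `rel="nofollow"` would render without `noopener`. If that override is intended, a comment above the attribute should say so; otherwise move it after the spread and merge the tokens, e.g. `rel="{$$restProps.target === '_blank' ? ['noopener', 'noreferrer', $$restProps.rel].filter(Boolean).join(' ') : $$restProps.rel}"`. The comparison is also an exact string match, while browsers treat the `_blank` keyword case-insensitively, so `target="_BLANK"` gets no `rel`; lower-casing the value before comparing would close that gap. The element's opening tag starts and ends outside the hunk, so this assumes nothing later in the tag sets `rel` again.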