From cfebdd375254d1360eec396a74eebd77fe83aaa1 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <pento@git.wordpress.org>
Date: Mon, 8 Apr 2019 23:22:14 +0000
Subject: [PATCH] Widgets: Add `rel="noopener noreferrer"` to links with
 `target="_blank"` in the Image widget.

Props audrasjb, welcher, afercia.
Fixes #43280.



git-svn-id: https://develop.svn.wordpress.org/trunk@45144 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/widgets/class-wp-widget-media-image.php | 2 +-
 tests/phpunit/tests/widgets/media-image-widget.php      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/wp-includes/widgets/class-wp-widget-media-image.php b/src/wp-includes/widgets/class-wp-widget-media-image.php
index ebc92897ac..ccf9d8908b 100644
--- a/src/wp-includes/widgets/class-wp-widget-media-image.php
+++ b/src/wp-includes/widgets/class-wp-widget-media-image.php
@@ -266,7 +266,7 @@ class WP_Widget_Media_Image extends WP_Widget_Media {
 			$link .= '>';
 			$link .= $image;
 			$link .= '</a>';
-			$image = $link;
+			$image = wp_targeted_link_rel( $link );
 		}
 
 		if ( $caption ) {
diff --git a/tests/phpunit/tests/widgets/media-image-widget.php b/tests/phpunit/tests/widgets/media-image-widget.php
index 3d4eaaa21e..aa4e65f267 100644
--- a/tests/phpunit/tests/widgets/media-image-widget.php
+++ b/tests/phpunit/tests/widgets/media-image-widget.php
@@ -541,6 +541,7 @@ class Test_WP_Widget_Media_Image extends WP_UnitTestCase {
 
 		$this->assertContains( '<a href="https://example.org"', $output );
 		$this->assertContains( 'target="_blank"', $output );
+		$this->assertContains( 'rel="noopener noreferrer"', $output );
 
 		// Populate caption in attachment.
 		wp_update_post(