Support the rel attribute on ModelAdmin buttons

Currently it is possible to pass the target attribute to a button created using ModelAdmin's ButtonHelper framework. This allows you to generate button links like <a ... target="_blank">. For example, if adding a new button and modeling it after the existing edit_button code [0], you can add {'target': "_blank"} to the returned dict and it'll get passed to the template when the button is rendered. To be consistent with PR 4844, and to be consistent with what seems to be the best practice ([1], [2]), we should also support passing the rel attribute, which would allow for creation of button links like <a ... target="_blank" rel="noopener noreferrer">. [0] 5e2f50403b/wagtail/contrib/modeladmin/helpers/button.py (L61-L73) [1] https://developers.google.com/web/tools/lighthouse/audits/noopener [2] https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/
2020-01-24 13:57:02 -05:00 · 2020-01-24 13:57:02 -05:00 · 81d23fc8ab
commit 81d23fc8ab
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@ -10,6 +10,7 @@ Changelog
 * Fix: Re-add 'Close Explorer' button on mobile viewports (Sævar Öfjörð Magnússon)
 * Fix: Add a more descriptive label to Password reset link for screen reader users (Casper Timmers, Martin Coote)
 * Fix: Improve Wagtail logo contrast by adding a background (Brian Edelman, Simon Evans, Ben Enright)
+ * Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)


 2.8 (xx.xx.xxxx) - IN DEVELOPMENT
--- a/docs/releases/2.9.rst
+++ b/docs/releases/2.9.rst
@ -15,6 +15,7 @@ Other features
 ~~~~~~~~~~~~~~

 * Reduced contrast of rich text toolbar (Jack Paine)
+ * Support the rel attribute on custom ModelAdmin buttons (Andy Chosak)


 Bug fixes
--- a/wagtail/contrib/modeladmin/templates/modeladmin/includes/button.html
+++ b/wagtail/contrib/modeladmin/templates/modeladmin/includes/button.html
@ -1 +1 @@
-<a{% if button.url %} href="{{ button.url }}"{% endif %} class="{{ button.classname }}" title="{{ button.title }}"{% if button.target %} target="{{ button.target }}"{% endif %}>{{ button.label }}</a>
+<a{% if button.url %} href="{{ button.url }}"{% endif %} class="{{ button.classname }}" title="{{ button.title }}"{% if button.target %} target="{{ button.target }}"{% endif %}{% if button.rel %} rel="{{ button.rel }}"{% endif %}>{{ button.label }}</a>