Fix: Social Icons Blocks > link attributes rel values inconsistencies

[dhananjaykuber]

Fixes #53873

What?

Updates the Social Links block to improve handling of rel attributes in social links, particularly focusing on security attributes for links that open in new tabs while allowing proper customization of rel values.

Why?

Currently, the Social Links block has several issues with rel attribute handling:

• When "Open in New Tab" is enabled, it adds both noopener nofollow by default
• The nofollow value is unnecessarily applied and can negatively impact SEO
• When overriding rel attributes via Advanced settings, values are cumulative with no way to remove nofollow

How?

Modifies the render_block_core_social_link function to:

• Always include noopener noreferrer for security when target="_blank" is used
• Remove automatic nofollow
• Allow custom rel values to override defaults while preserving security attributes

Testing Instructions

• Create a new post or page
• Add a Social Links block
• Add any social link (e.g., WordPress)

Test the following scenarios:

Scenario 1: Default Behavior

• Add a social link
• View source code
• Verify no rel attributes are added by default

Scenario 2: Open in New Tab

• Enable "Open in New Tab" setting
• View source code
• Verify only noopener noreferrer are added (no nofollow)

Scenario 3: Custom Rel Attributes

• Open Advanced settings
• Add custom rel value (e.g., nofollow)
• View source code
• Verify custom value appears
• Enable "Open in New Tab"
• Verify custom value remains along with noopener noreferrer

Screenshots or screencast

After adding custom rel attribute when "Open in New Tab" is enabled

After not adding anything in custom rel attribute when "Open in New Tab" is enabled

No nofollow rel attribute is added by default

[github-actions]

Warning: Type of PR label mismatch

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

• Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Technical Prototype, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core, Gutenberg Plugin.
• Labels found: .

Read more about Type labels in Gutenberg. Don't worry if you don't have the required permissions to add labels; the PR reviewer should be able to help with the task.

[github-actions]

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: dhananjaykuber <[email protected]>
Co-authored-by: Marc-pi <[email protected]>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

[t-hamano]

It has been proposed to remove the noreferrer and nofollow noopener attributes: #26914

Before moving forward with this PR, it would be a good idea to agree up front on how the entire Gutenberg project will handle these attributes.