Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add noopener noreferrer to blank targets #1883

Merged
merged 1 commit into from
Feb 7, 2024
Merged

Add noopener noreferrer to blank targets #1883

merged 1 commit into from
Feb 7, 2024

Conversation

Fryguy
Copy link
Member

@Fryguy Fryguy commented Feb 6, 2024

This avoids tabnapping exploits.
See CWE-1022

@DavidResende0 Please review.

@miq-bot
Copy link
Member

miq-bot commented Feb 6, 2024

Checked commit Fryguy@1dadcc2 with ruby 2.7.8, rubocop 1.56.3, haml-lint 0.51.0, and yamllint
0 files checked, 0 offenses detected
Everything looks fine. 🍰

DavidResende0
DavidResende0 approved these changes Feb 6, 2024
View reviewed changes
Copy link
Member

@DavidResende0 DavidResende0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, only thing I noticed was that the documentation button redirects you to here:
image

While in the admin ui it takes you straight to the documentation (i.e. https://www.manageiq.org/docs/)

@Fryguy
Copy link
Member Author

Fryguy commented Feb 6, 2024

@DavidResende0 Let me double check that, but I think that's intentional as it allows for overriding the link in productized versions.

@DavidResende0 DavidResende0 merged commit 89aa04e into ManageIQ:master Feb 7, 2024
2 checks passed
@Fryguy
Copy link
Member Author

Fryguy commented Feb 7, 2024

Backported to quinteros in commit a5b4e52.

commit a5b4e52e9bee7200895de10bcce110a513eb6a96
Author: David Resende <[email protected]>
Date:   Wed Feb 7 13:42:59 2024 -0500

    Merge pull request #1883 from Fryguy/target_blank
    
    Add noopener noreferrer to blank targets
    
    (cherry picked from commit 89aa04e791aa44ede1ebed3a8e8aaa5b6e04b168)

Fryguy pushed a commit that referenced this pull request Feb 7, 2024
@DavidResende0 @Fryguy
Merge pull request #1883 from Fryguy/target_blank
a5b4e52 
Add noopener noreferrer to blank targets

(cherry picked from commit 89aa04e)
@Fryguy Fryguy deleted the target_blank branch February 7, 2024 19:19
@Fryguy
Copy link
Member Author

Fryguy commented Feb 8, 2024

Backported to morphy in commit d043b46.

commit d043b46c93fa8117856916f54b9649c802f4b02b
Author: David Resende <[email protected]>
Date:   Wed Feb 7 13:42:59 2024 -0500

    Merge pull request #1883 from Fryguy/target_blank
    
    Add noopener noreferrer to blank targets
    
    (cherry picked from commit 89aa04e791aa44ede1ebed3a8e8aaa5b6e04b168)

Fryguy pushed a commit that referenced this pull request Feb 8, 2024
@DavidResende0 @Fryguy
Merge pull request #1883 from Fryguy/target_blank
d043b46 
Add noopener noreferrer to blank targets

(cherry picked from commit 89aa04e)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DavidResende0 DavidResende0 DavidResende0 approved these changes

Assignees

@DavidResende0 DavidResende0

Labels
enhancement morphy/backported quinteros/backported
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Fryguy @miq-bot @DavidResende0