Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsafe_Use_Of_Target_blank #13820

Closed
kpu32167 opened this issue May 30, 2023 · 4 comments · Fixed by #14268
Closed

Unsafe_Use_Of_Target_blank #13820

kpu32167 opened this issue May 30, 2023 · 4 comments · Fixed by #14268
Assignees
@aakankshabhende
Labels
good first issue Good for newcomers security Security related

Comments

@kpu32167
Copy link

Hi.
We have found an issue in argo source code in version v2.5.17 (Unsafe_Use_Of_Target_blank).
https://github.com/argoproj/argo-cd/blob/c06f954730928a2a739e8c1276e9f24738d932a3/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx#LL262C71-L262C71
Can you fix this issue by adding rel='noopener noreferrer' to link ?
@crenshaw-dev
Copy link
Member

@kpu32167 would you be up for opening a PR?

@crenshaw-dev
Copy link
Member

I believe the check is a false-positive, because the link doesn't open an external site. But no harm in adding the attribute.

@todaywasawesome todaywasawesome added good first issue Good for newcomers security Security related labels Jun 28, 2023
@todaywasawesome
Copy link
Contributor

Agreed.

@kpu32167 this is an easy PR if you want to open it, we'll merge it.

@aakankshabhende
Copy link
Contributor

@crenshaw-dev @todaywasawesome I would like to work on this issue. Could you please assign me this?

@aakankshabhende aakankshabhende mentioned this issue Jun 29, 2023
Merged
13 tasks
crenshaw-dev pushed a commit that referenced this issue Jun 30, 2023
@aakankshabhende
fix(ui): Added rel="noopener noreferrer" to link (#13820) (#14268)
a855305 
* Added rel attribute to link

Signed-off-by: aakankshabhende <[email protected]>

* Fixed lint error

Signed-off-by: aakankshabhende <[email protected]>

---------

Signed-off-by: aakankshabhende <[email protected]>
yyzxw pushed a commit to yyzxw/argo-cd that referenced this issue Aug 9, 2023
@aakankshabhende
fix(ui): Added rel="noopener noreferrer" to link (argoproj#13820) (ar…
20b8b8e 
…goproj#14268)

* Added rel attribute to link

Signed-off-by: aakankshabhende <[email protected]>

* Fixed lint error

Signed-off-by: aakankshabhende <[email protected]>

---------

Signed-off-by: aakankshabhende <[email protected]>
@suzaku suzaku mentioned this issue Aug 15, 2023
Closed
tesla59 pushed a commit to tesla59/argo-cd that referenced this issue Dec 16, 2023
@aakankshabhende @tesla59
fix(ui): Added rel="noopener noreferrer" to link (argoproj#13820) (ar…
fb95541 
…goproj#14268)

* Added rel attribute to link

Signed-off-by: aakankshabhende <[email protected]>

* Fixed lint error

Signed-off-by: aakankshabhende <[email protected]>

---------

Signed-off-by: aakankshabhende <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aakankshabhende aakankshabhende

Labels
good first issue Good for newcomers security Security related
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(ui): Added rel="noopener noreferrer" to link (#13820) aakankshabhende/argo-cd
4 participants
@crenshaw-dev @todaywasawesome @kpu32167 @aakankshabhende