Resolve CodeQL alert 1 "Potentially unsafe external link" #5673

Closed
6 tasks done
Tracked by #5129
roslynwythe opened this issue Oct 8, 2023 · 3 comments · Fixed by #5961
Labels
Feature: Code Alerts good first issue Good for newcomers P-Feature: About Us https://www.hackforla.org/about/ role: back end/devOps Tasks for back-end developers role: front end Tasks for front end developers size: 0.25pt Can be done in 0.5 to 1.5 hours
roslynwythe commented Oct 8, 2023

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the alert "Potentially unsafe external link", which appears in CodeQL alert 1, by adding the attribute rel="noopener noreferrer".

Action Items

  • The following item is required for GitHub to establish tracking between this issue and the alert. No action is required. You may simply check the checkbox. If you do follow the link to learn more about CodeQL alerts, DO NOT DISMISS THE ALERT.
  • https://github.com/hackforla/website/security/code-scanning/1
  • Open the file _includes/about-page/about-card-sponsors.html in your IDE
  • Replace
    <a href="{{sponsor.link}}" target="_blank" alt="{{sponsor.name}}">
    with
    <a href="{{sponsor.link}}" target="_blank" alt="{{sponsor.name}}" rel="noopener noreferrer">
  • Using Docker, check the page remains the same in mobile, tablet, and desktop views as on the current website (See 2 in the Resources/Instructions section below)

Merge Team

Resources/Instructions

  1. GitHub CodeQL documentation
  2. For QA to validate change: https://github.com/hackforla/website/blob/gh-pages/_includes/about-page/about-card-sponsors.html
  3. Webpage(s): https://www.hackforla.org/about/
  4. This issue is part of Epic: Create issues to resolve CodeQL alerts 1- 24, 98 "Potentially unsafe external link" #5129
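
A check for the pattern this alert flags, as an added example that is not part of the original issue or the Hack for LA code base: it scans template markup for links with target="_blank" whose rel lacks noopener or noreferrer. The function and class names are assumptions, and the sample markup is constructed from the anchor quoted above plus two illustrative lines.

```python
from html.parser import HTMLParser

# Constructed sample: the anchor from the issue before and after the change,
# a same-tab link that needs no rel, and a new-tab link with an unrelated rel.
SAMPLE = '''\
<a href="{{sponsor.link}}" target="_blank" alt="{{sponsor.name}}">
<a href="{{sponsor.link}}" target="_blank" alt="{{sponsor.name}}" rel="noopener noreferrer">
<a href="/about/">About</a>
<a href="https://example.org" target="_BLANK" rel="nofollow">x</a>
'''


class UnsafeLinkFinder(HTMLParser):
    """Collects <a>/<area> tags that open a new tab without noopener/noreferrer."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (line number, raw start tag)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        # Attribute names arrive lowercased; valueless attributes arrive as None.
        attrs = {name: (value or "") for name, value in attrs}
        if attrs.get("target", "").strip().lower() != "_blank":
            return
        rel_tokens = attrs.get("rel", "").lower().split()
        # In the HTML spec noreferrer implies noopener, so either token suffices.
        if "noopener" in rel_tokens or "noreferrer" in rel_tokens:
            return
        self.findings.append((self.getpos()[0], self.get_starttag_text()))


def find_unsafe_links(html):
    """Return (line, tag) pairs for new-tab links missing the rel protection."""
    finder = UnsafeLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag in find_unsafe_links(SAMPLE):
        print(f"line {line}: {tag}")
```

Liquid placeholders such as {{sponsor.link}} sit inside quoted attribute values, so the parser treats them as ordinary text and the check can run on the unrendered include file.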
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Nov 6, 2023
@sornekian sornekian self-assigned this Nov 30, 2023
Hi @sornekian, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

sornekian commented Nov 30, 2023

Availability: Weekdays 3-8pm pst
ETA: 12/04/23 4pm pst
