
updates external links by adding rel #5961

Merged
merged 1 commit into from
Dec 8, 2023

Conversation

sornekian
Member

Fixes #5673

What changes did you make?

  • Added rel="noopener noreferrer" to code on the About page under Sponsors.

Why did you make the changes (we will use this info to test)?

  • Original code line required this addition because it does not specify link type. This line was added so that it could access the DOM of the origin page.

Screenshots of Proposed Changes Of The Website (if any, please do not screen shot code changes)

Visuals before changes are applied: [screenshot: before]
Visuals after changes are applied: [screenshots: after1, after2]


github-actions bot commented Dec 5, 2023

Want to review this pull request? Take a look at this documentation for a step by step guide!

From your project repository, check out a new branch and test the changes.

git checkout -b sornekian-resolve-codeql-5673 gh-pages
git pull https://github.com/sornekian/website.git resolve-codeql-5673

Note that CONTRIBUTING.md cannot be previewed locally; rather it should be previewed at this URL:

https://github.com/sornekian/website/blob/resolve-codeql-5673/CONTRIBUTING.md  

@github-actions github-actions bot added good first issue Good for newcomers role: front end Tasks for front end developers role: back end/devOps Tasks for back-end developers P-Feature: About Us https://www.hackforla.org/about/ size: 0.25pt Can be done in 0.5 to 1.5 hours Feature: Code Alerts labels Dec 5, 2023
@freaky4wrld freaky4wrld self-requested a review December 6, 2023 05:07
@freaky4wrld
Member

Availability: Evenings
ETA: EOD 12/6/23

@jphamtv jphamtv self-requested a review December 6, 2023 06:22
@jphamtv
Member

jphamtv commented Dec 6, 2023

Availability: Monday-Friday 12–2 PM, 8–10 PM (PST)
Estimated ETA: 12/06/23

Member

@freaky4wrld freaky4wrld left a comment


Hi there @sornekian, great work! All the work assigned to you in the issue is done correctly:

  • the to/from branch looks good
  • the visual changes are completely applied in the local environment and are responsive
  • the changes specified in the CodeQL alert are done correctly and look good
  • the issue linked is correct too

Great work there, I approve this PR.

Member

@jphamtv jphamtv left a comment


Hey @sornekian, I've reviewed the changes in your branch and confirm that the code added to resolve the issue is correct, clean, and does not affect the visuals on the About page. PR is approved, nice job!

I noticed that the for loop for dynamic sponsor element creation is currently commented out, and sponsor links are manually added below. Assuming these are for testing, as the site doesn't have a public link to the page yet, they lack the rel="noopener noreferrer" attribute. It might be good to mention this on the issue page, recommending to address this before the page goes live.

@t-will-gillis t-will-gillis merged commit 85c9415 into hackforla:gh-pages Dec 8, 2023
10 checks passed
@t-will-gillis
Member

Hey @sornekian - Great job on the PR!

@jphamtv Saw your comment about the sponsor links on lines 15, 18, and 21. I.e. should these also have the rel="noopener noreferrer" since these are similar links?

Good observation and thanks for bringing up the question. I was curious about why CodeQL was not flagging these links- I am guessing that CodeQL is not explicitly scanning HTML, only the embedded Liquid snippets, but I could be wrong. I would agree that if we are fixing one link we should fix the others. (Incidentally the article attached to the CodeQL alert says that modern browsers (2021+) have addressed this previous vulnerability.) I will put this on the list to discuss with @roslynwythe - January sometime.
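The thread above raises two practical questions: which other target="_blank" anchors on the page are still missing rel="noopener", and how to find them when CodeQL only looks at the Liquid snippets. The following is an added example, not code from the hackforla/website repository or from anyone in this thread. It scans an HTML (or Liquid-templated HTML) string for anchors that open a new browsing context without rel="noopener" and emits a hardened copy that adds "noopener noreferrer" while preserving any existing rel tokens. The sponsor markup in SAMPLE_HTML is constructed for the demonstration and is not the real About page; the tag scan is a deliberately lightweight regex pass, not a full HTML parser.

```javascript
// Added example (not from the hackforla/website repo): audit anchors that open a
// new browsing context and lack rel="noopener", then produce a hardened copy.
// Without noopener the opened page gets a window.opener handle and can navigate
// the origin tab (reverse tabnabbing); noreferrer additionally suppresses the
// Referer header and implies noopener.

// Constructed sample: mixes plain anchors and a Liquid-templated one.
const SAMPLE_HTML = `
<ul class="sponsors">
  <li><a href="https://example.org/one" target="_blank">One</a></li>
  <li><a href="https://example.org/two" target="_blank" rel="noopener noreferrer">Two</a></li>
  <li><a target="_blank" href="https://example.org/three" rel="nofollow">Three</a></li>
  <li><a href="/about/">Internal</a></li>
  <li><a href="{{ sponsor.url }}" target="_blank">{{ sponsor.name }}</a></li>
</ul>
`;

// Opening <a ...> tags; group 1 is the raw attribute text.
const ANCHOR_RE = /<a\b([^>]*)>/gi;
// attr="value" or attr='value' pairs inside a tag.
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

function parseAttrs(attrText) {
  const attrs = {};
  let m;
  ATTR_RE.lastIndex = 0;
  while ((m = ATTR_RE.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return attrs;
}

// rel is a space-separated token list; compare case-insensitively.
function relTokens(rel) {
  return new Set((rel || '').toLowerCase().split(/\s+/).filter(Boolean));
}

function opensNewContext(attrs) {
  return (attrs.target || '').toLowerCase() === '_blank';
}

// Returns one finding per target="_blank" anchor whose rel lacks "noopener".
function findUnsafeExternalLinks(html) {
  const findings = [];
  let m;
  ANCHOR_RE.lastIndex = 0;
  while ((m = ANCHOR_RE.exec(html)) !== null) {
    const attrs = parseAttrs(m[1]);
    if (!opensNewContext(attrs)) continue;
    if (!relTokens(attrs.rel).has('noopener')) {
      findings.push({ href: attrs.href || null, rel: attrs.rel || null, tag: m[0] });
    }
  }
  return findings;
}

// Rewrites offending tags to carry noopener and noreferrer, keeping other rel
// tokens (e.g. nofollow) and leaving already-hardened or non-_blank tags alone.
function hardenExternalLinks(html) {
  return html.replace(ANCHOR_RE, (tag, attrText) => {
    const attrs = parseAttrs(attrText);
    if (!opensNewContext(attrs)) return tag;
    const rel = relTokens(attrs.rel);
    if (rel.has('noopener') && rel.has('noreferrer')) return tag;
    rel.add('noopener');
    rel.add('noreferrer');
    const newRel = `rel="${[...rel].join(' ')}"`;
    if (attrs.rel !== undefined) {
      return tag.replace(/\brel\s*=\s*(?:"[^"]*"|'[^']*')/i, newRel);
    }
    return tag.replace(/>$/, ` ${newRel}>`);
  });
}

// Stand-alone run: list findings, then show that the hardened output is clean.
if (typeof require !== 'undefined' && require.main === module) {
  for (const f of findUnsafeExternalLinks(SAMPLE_HTML)) {
    console.log('missing noopener:', f.href, 'rel=', f.rel);
  }
  const fixed = hardenExternalLinks(SAMPLE_HTML);
  console.log('remaining after hardening:', findUnsafeExternalLinks(fixed).length);
}

module.exports = { findUnsafeExternalLinks, hardenExternalLinks, SAMPLE_HTML };
```

Run it with `node audit-links.js` against the constructed sample, or read the About page's source into the string instead. Because it works on the raw template text, it catches the hand-written sponsor anchors as well as the Liquid-generated one, which is the gap the thread notes CodeQL may be leaving. As the comment above already observes, current browsers treat target="_blank" as noopener by default, so the explicit rel is belt-and-braces for older clients and for the referrer suppression, not the only thing standing between the page and window.opener abuse.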

@jphamtv
Member

jphamtv commented Dec 9, 2023

Thanks @t-will-gillis !

@sornekian sornekian deleted the resolve-codeql-5673 branch December 13, 2023 19:54
Successfully merging this pull request may close these issues.

Resolve CodeQL alert 1 "Potentially unsafe external link"
4 participants