
feat(@vtmn): add rel attribute for blank link targets to prevent security issues

Open GaspardMathon opened this issue 1 year ago • 2 comments

Changes description

  • Add rel="noopener noreferrer" to every link with an explicit target value set to _blank to prevent security issues

Context

  • Close #1242

Checklist

  • [x] Make sure you are requesting to pull a topic/feature/bugfix branch. Please, don't request directly from your main!
  • [x] Check that commits & PR names match our requested structure. They must follow the https://www.conventionalcommits.org pattern.
  • [x] Check your code additions will fail neither code linting checks.
  • [x] I have reviewed the submitted code.
  • [x] I have tested on related showcases.
  • [x] If it includes design changes, please ask for a review with a core team designer.

Does this introduce a breaking change?

  • No

Other information

Thanks @Tlahey for the issue 🔥

GaspardMathon avatar Aug 25 '22 15:08 GaspardMathon

Of course @lauthieb! This security issue must be included inside the components :)

if target = _blank and rel doesn't include noopener add noopener / rel doesn't include noreferrer add noreferrer

Tlahey avatar Aug 26 '22 08:08 Tlahey
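
The rule described in the comment above, as an added example that is not part of the PR or the vitamin-web code base. `secureRel` and `withSafeLinkProps` are hypothetical names; the sketch assumes existing `rel` tokens should be kept and compared case-insensitively.

```javascript
// Added example: hypothetical helpers, not vitamin-web code.
const REQUIRED_TOKENS = ["noopener", "noreferrer"];

// Returns the rel value a link should carry for the given target.
function secureRel(target, rel) {
  // Only an explicit target="_blank" (keyword is ASCII case-insensitive)
  // gets the extra tokens; every other link is returned unchanged.
  const opensBlank =
    typeof target === "string" && target.toLowerCase() === "_blank";
  if (!opensBlank) return rel;

  // rel is a whitespace-separated token list; keep what the caller set
  // (e.g. "nofollow") and append only the tokens that are missing.
  const tokens = (rel || "").split(/\s+/).filter(Boolean);
  const seen = new Set(tokens.map((t) => t.toLowerCase()));
  for (const required of REQUIRED_TOKENS) {
    if (!seen.has(required)) {
      tokens.push(required);
      seen.add(required);
    }
  }
  return tokens.join(" ");
}

// Applies the rule to a component's link props without mutating them.
function withSafeLinkProps(props) {
  const rel = secureRel(props.target, props.rel);
  return rel === undefined ? { ...props } : { ...props, rel };
}

// Constructed sample props, for illustration only.
const samples = [
  { href: "https://example.com", target: "_blank" },
  { href: "https://example.com", target: "_blank", rel: "nofollow NoOpener" },
  { href: "/internal", target: "_self", rel: "nofollow" },
];
for (const props of samples) {
  console.log(withSafeLinkProps(props));
}
```
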

@GaspardMathon I will provide the changes on the svelte part :)

Tlahey avatar Sep 13 '22 06:09 Tlahey

@thibault-mahe for me that's ok. If we are sure there's no breaking change, you can merge it directly. If there are breaking changes, please merge & inform all our consumers. Thanks!

lauthieb avatar Oct 12 '22 12:10 lauthieb