zookeeper-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From an...@apache.org
Subject [zookeeper] branch master updated: ZOOKEEPER-3238: Adding noreferrer to target blank link
Date Thu, 31 Jan 2019 13:18:10 GMT
This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git

The following commit(s) were added to refs/heads/master by this push:
     new e1e69b9  ZOOKEEPER-3238: Adding noreferrer to target blank link
e1e69b9 is described below

commit e1e69b986e6263c594042ab6288c5d6384babc6e
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Thu Jan 31 14:18:06 2019 +0100

    ZOOKEEPER-3238: Adding noreferrer to target blank link
    In zookeeper-contrib-huebrowser, there is a link that uses target="_blank". Best security
practise is to also add rel="noopener noreferrer". See for example: https://dev.to/ben/the-targetblank-vulnerability-by-example.
    Note I did not test this as I do not use hue. However it is a fairly trivial change.
    Author: Colm O hEigeartaigh <coheigea@apache.org>
    Reviewers: andor@apache.org
    Closes #762 from coheigea/add_noreferrer
 .../zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
index c74c202..07c91c3 100644
--- a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
+++ b/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
@@ -69,7 +69,7 @@ ${shared.header("ZooKeeper Browser > Tree > %s > %s" % (cluster['nice_name'],
 <br />
-<a target="_blank" href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure">Details
on stat information.</a>
+<a target="_blank" rel="noopener noreferrer" href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure">Details
on stat information.</a>

View raw message