fix(security): audit external links for tabnabbing vulnerability markdown#2798
Viidhii19 wants to merge 7 commits into
Closes Priyanshu-byte-coder#2797 Audited the frontend and confirmed that all external links with target='_blank' already properly implement rel='noopener noreferrer'.
GSSoC Label Checklist 🏷️
@Priyanshu-byte-coder — please apply the appropriate labels before merging:
Difficulty (pick one):
Quality (optional):
Validation (required to score):
This PR only adds a
The diff only adds find.js — a local file-walker script that looks like leftover debugging tooling. The tabnabbing audit changes described in the title aren't in the diff. Not mergeable.
Update
Removed the leftover
Tabnabbing Security Audit — Full Results
I manually audited every instance of
Audit Table
Conclusion
The DevTrack frontend is already fully protected against tabnabbing. Every
Closes #2797
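The manual audit described in this thread can also be run as a repeatable check. The following is an added example, not code from this pull request or the DevTrack repository: it scans source text for `<a>` and `<Link>` opening tags that set `target="_blank"` and reports any whose literal `rel` value lacks `noopener` or `noreferrer`. The function names (`findBlankTargets`, `tagEnd`, `readAttr`) and the sample input are constructed for illustration, and only string-literal attribute values are recognised.

```javascript
// Added example: rel tokens this PR expects on every target="_blank" link.
const REQUIRED_REL = ["noopener", "noreferrer"];

// Index of the '>' closing an opening tag; skips quotes and {...} so JSX
// like onClick={() => go()} does not end the tag early.
function tagEnd(src, i) {
  let depth = 0, quote = null;
  for (; i < src.length; i++) {
    const c = src[i];
    if (quote) { if (c === quote) quote = null; }
    else if (c === '"' || c === "'" || c === "`") quote = c;
    else if (c === "{") depth++;
    else if (c === "}") depth--;
    else if (c === ">" && depth === 0) return i;
  }
  return src.length;
}

// Value of a string-literal attribute: name="v", name='v' or name={"v"}.
// Returns null for absent or computed values (those need manual review).
function readAttr(attrs, name) {
  const re = new RegExp("(?:^|\\s)" + name + "\\s*=\\s*\\{?\\s*([\"'`])([\\s\\S]*?)\\1");
  const m = re.exec(attrs);
  return m ? m[2] : null;
}

function findBlankTargets(source, file) {
  const findings = [];
  const open = /<(a|Link)(?=[\s/>])/g;
  let m;
  while ((m = open.exec(source)) !== null) {
    const attrs = source.slice(open.lastIndex, tagEnd(source, open.lastIndex));
    if (readAttr(attrs, "target") !== "_blank") continue;
    const rel = (readAttr(attrs, "rel") || "").toLowerCase().split(/\s+/);
    const missing = REQUIRED_REL.filter((t) => !rel.includes(t));
    const line = source.slice(0, m.index).split("\n").length;
    if (missing.length) findings.push({ file, line, tag: m[1], missing });
  }
  return findings;
}
// Constructed sample input, not taken from the DevTrack repository.
const SAMPLE = `
<a href="https://example.com" target="_blank" rel="noopener noreferrer">ok</a>
<a href="https://example.org" target="_blank">missing rel</a>
<Link
  href="https://example.net" target="_blank" rel="noreferrer"
  onClick={() => track("out")}
>partial</Link>
<a href="/about">internal</a>
`;
```

A tag whose `target` is a conditional expression rather than a string literal is not detected, and a computed `rel` is reported as missing both tokens, so both cases still need a manual look.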
Summary
Audited the frontend codebase to address the tabnabbing vulnerability. Verified that all external links utilizing target="_blank" already securely implement the rel="noopener noreferrer" attribute.
Closes #2797
Type of Change
What Changed
src/components/, src/app/, Footer, Header/Navbar, and Public Profile widgets.
target="_blank" currently existing in the repository already contain the required rel="noopener noreferrer" attribute.
How to Test
target="_blank".
<a href> and <Link> tags.
Expected result: Every tag utilizing target="_blank" will already be accompanied by rel="noopener noreferrer".
Checklist
console.log, debug code, or commented-out blocks
npm run lint passes locally
npm run type-check)
Additional Context