You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@zookeeper.apache.org by an...@apache.org on 2019/01/31 13:18:10 UTC

[zookeeper] branch master updated: ZOOKEEPER-3238: Adding noreferrer to target blank link

This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new e1e69b9  ZOOKEEPER-3238: Adding noreferrer to target blank link
e1e69b9 is described below

commit e1e69b986e6263c594042ab6288c5d6384babc6e
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jan 31 14:18:06 2019 +0100

    ZOOKEEPER-3238: Adding noreferrer to target blank link
    
    In zookeeper-contrib-huebrowser, there is a link that uses target="_blank". Best security practise is to also add rel="noopener noreferrer". See for example: https://dev.to/ben/the-targetblank-vulnerability-by-example.
    
    Note I did not test this as I do not use hue. However it is a fairly trivial change.
    
    Author: Colm O hEigeartaigh <co...@apache.org>
    
    Reviewers: andor@apache.org
    
    Closes #762 from coheigea/add_noreferrer
---
 .../zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako b/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
index c74c202..07c91c3 100644
--- a/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
+++ b/zookeeper-contrib/zookeeper-contrib-huebrowser/zkui/src/zkui/templates/tree.mako
@@ -69,7 +69,7 @@ ${shared.header("ZooKeeper Browser > Tree > %s > %s" % (cluster['nice_name'], pa
 </table>
 
 <br />
-<a target="_blank" href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure">Details on stat information.</a>
+<a target="_blank" rel="noopener noreferrer" href="http://zookeeper.apache.org/docs/current/zookeeperProgrammers.html#sc_zkStatStructure">Details on stat information.</a>
 
 ${shared.footer()}