Posted to dev@zeppelin.apache.org by GitBox <gi...@apache.org> on 2021/09/01 17:47:03 UTC

[GitHub] [zeppelin] izeren-amzn commented on pull request #4212: [ZEPPELIN-5395] Address tab nabbing vulnerability

izeren-amzn commented on pull request #4212:
URL: https://github.com/apache/zeppelin/pull/4212#issuecomment-910511904


   > Thank you. Changes LGTM.
   > 
   > Just wondering why the addition of `noreferrer` `noopener` was not added for the following:
   > 
   > * `docs/interpreter/cassandra.md`... lines 166, 175, 184 (just wondering since `docs/interpreter/jdbc.md` has been treated)
   > * `zeppelin-web/src/app/home/home.html`... lines 60, 67, 69, 71 (is the reason that the links are to `github.com` and `apache.org` and we definitely trust those websites forever?)
   > * `zeppelin-web-angular/src/app/pages/workspace/interpreter/item/item.component.html`... lines 98, 328 (is it because an Angular plugin is used to automatically add these tags at transpile time?)
   > * and a few other minor similar examples that broadly follow the above 3 categories...
   
   It seems I have missed a few files. Added more fixed links, thank you.
   
   There are still some anchors rendered with Angular (zeppelin-web-angular). Probably, it is a good idea to add a special directive for any external links https://coryrylan.com/blog/managing-external-links-safely-in-angular rather than fix all those links manually. But I would rather ask the maintainers first.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@zeppelin.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
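
The review above lists missed links by file and line number. As an added example (not part of the original message or of the Zeppelin code base), the same check can be automated: this audit reports every static `<a target="_blank">` whose `rel` lacks `noopener` or `noreferrer`. The sample markup and the names `BlankTargetAudit` and `audit` are constructed for illustration; anchors whose attributes are bound by Angular at runtime are outside what a static scan can see.

```python
from html.parser import HTMLParser

# Tokens the pull request adds to links that open a new browsing context.
REQUIRED = {"noopener", "noreferrer"}

class BlankTargetAudit(HTMLParser):
    """Collect <a target="_blank"> tags whose rel lacks a required token."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, href, sorted missing tokens)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        # Attribute names arrive lower-cased; valueless attributes are None.
        a = {name: (value or "") for name, value in attrs}
        if a.get("target", "").strip().lower() != "_blank":
            return
        # rel is a space-separated, case-insensitive token list.
        rel = set(a.get("rel", "").lower().split())
        missing = REQUIRED - rel
        if missing:
            line, _col = self.getpos()  # position of the tag's "<"
            self.findings.append((line, a.get("href", ""), sorted(missing)))

def audit(markup):
    """Return findings for one HTML or HTML-in-Markdown document."""
    parser = BlankTargetAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample input, not taken from the Zeppelin repository.
SAMPLE = """<ul>
  <li><a href="https://github.com/apache/zeppelin" target="_blank">source</a></li>
  <li><a href="https://example.org/a" target="_blank" rel="noopener">a</a></li>
  <li><a href="https://example.org/b" target="_blank" rel="noopener noreferrer">b</a></li>
  <li><a href="#/notebook">internal</a></li>
  <li><A HREF="https://example.org/c" TARGET="_BLANK" REL="NoReferrer NoOpener">c</A></li>
</ul>
"""

if __name__ == "__main__":
    for line, href, missing in audit(SAMPLE):
        print(f"line {line}: {href} is missing rel tokens: {', '.join(missing)}")
```

Run over each template and documentation file in CI, a non-empty result can fail the build so that new `target="_blank"` links without the `rel` tokens are caught at review time.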